The Canadian Advanced Technology Alliance (CATAAlliance) has identified a lack of IT security best practices as one of the top challenges faced by IT security professionals, according to a new report.
CATA partnered with Microsoft Canada to conduct a survey of 322 IT security professionals across Canada. The primary goal was to determine the security issues that have the greatest impact on IT workers and to learn more about the perceptions IT pros have about the field in which they work.
The need for best practices knowledge was identified by 16 per cent of respondents as the top IT Security challenge affecting organizations today. Coming in at a close second was data protection, cited by 15 per cent of respondents, and access management as the third rated challenge, which was answered by 13 per cent of those surveyed.
“The lack of best practices being one of the primary challenges was certainly one we weren’t anticipating when we started this study,” Kevin Wennekes, CATA’s vice-president of research, said. “We knew it would be an issue, but for it to be identified at the top as an overarching challenge came as a bit of a surprise to us.”
Also surprised was Francis Ho, executive officer at the Federation of Security Professionals in Toronto, who expected both data protection and access management concerns to rank higher than best practices.
“It’s certainly a surprising result because there’s so much information out there, with a lot of good server hardening guides to be found all over the Internet,” Ho said. “Data protection is one that should definitely be high on the list as everybody is concerned about information leaving the organization today. In the old days, everything used to be paper-based but now you can make a copy of a file and port it off to your iPod Nano without a trace.”
But despite the unanticipated results, Wennekes said he believes improving best practices can actually help address some of the other top security issues that IT pros face on a daily basis.
“I think solid best practices, if it was more known or shared, could easily help tackle the challenges identified with data protection or access management,” Wennekes said.
Another finding indicated that IT security professionals believe that their organizations don’t put enough emphasis on IT security challenges and, often times, react after the problem arrives on their doorstep.
“I see a lot of basic processes like simple hardening of servers that still isn’t being done as the norm, so while some organizations get it, many others don’t,” Ho said. “Larger organizations tend to understand security better and it also depends on the industry. For example, the larger banks get it, but if you’re in manufacturing and you’re producing textiles, security might be overlooked. It’s largely dependent on the industry you’re in and the historic value they place on security.”
To address these issues, CATA recommended that the industry develop industry-wide best practices, establish a research series of IT security professional perspectives reports, undertake a study to determine the value of an IT security skills set, and work to define Canada’s global IT security brand.