By Chris Tribbey
IT security professionals often spend too much time trying to adhere to outside regulations, instead of working on protecting their companies against cyber threats, and they’re being overwhelmed by increased network complexity and disparate technology, according to a new survey.
The study from Overland Park, Kan.-based security management company FireMon, undertaken at the Infosecurity Europe confab in June, saw nearly 30% of cyber security professionals admitting they’ve “[compromised] their ethics to pass audits,” with 51% saying they spend more time managing administrative and regulatory hassles than actually working on security.
Fifty-six percent said they’ve purchased an unnecessary security product purely to meet compliance regulations, while 52% of IT security professionals said they’ve made concessions on their company’s security in order to meet business demands.
“The purpose of this survey was to find out how IT security professionals were coping with the workload that is involved when it comes to managing network security and dealing with its growing complexity,” said Michael Callahan, CMO for FireMon. “The results are a good reminder about the mounting pressures that are placed on IT security staff from inside as well as outside organizations.
“… More technology is rarely the answer – instead, good management is the key.”
Detailed visibility into firewall rules, clearly set policies regarding security, understanding an organization’s unique vulnerabilities, real-time monitoring by a company’s security team, and exchange of information between disparate systems are all crucial components in helping IT security heads do their jobs, the study found.