Communications Security, Compliance Offload to IT Departments

MBA (5/13/2008 ) Palaparty, Vijay
Despite a 57 percent increase in spam in 2007, a report from Google reveals that 53 percent of executives—CEOs, CIOs and CTOs—believe their IT departments hold sole responsibility for communications security and compliance; only 18 percent believe it rests equally with end-users.
“Executives look to IT personnel—not end-users—to ensure security and compliance,” said Amanda Kleha, product marketing manager in the enterprise division of Google, Mountain View, Calif. “The burden rests squarely on the shoulders of IT personnel. Only 25 percent of executives felt that their users should shoulder the responsibility of ensuring the safety and compliance of electronic communications. Users certainly play a role in being aware of and vigilant about maintaing secure communications and ensuring compliance."

The average unprotected user would have received 36,000 spam messages last year; it continues to be the top communication security issue facing companies, according to the report, 2008 Annual Google Communications Intelligence Report.

“In communications security, respondents were most worried about protecting themselves against spam, viruses and worms; securing their mobile workforce; ensuring the availability and continuity of business—and handling the strain these challenges place on their IT resources,” the report said.

“Respondents acknowledge that ensuring communications security and compliance is not a simple task and serious challenges exist in both areas,” Kleha said. “Top challenges organizations face in meeting compliance goals are planning for disaster recovery, ensuring compliant business processes, preventing unintentional data leakages and protecting internal systems from breach by hackers.”

Kleha said while security and compliance are of greater concern, they also negatively impact IT productivity. “At the close of 2007, executives were extremely concerned about the impact of communications security and compliance on IT productivity,” she said. “Time spent ensuring adherence to compliance producers—46 percent, arranging system upgrades to enhance security—44 percent and overcoming network delays or outages due to security breaches—42 percent, were all high on respondents’ lists of concerns.”

The report said software-as-a-service has potential to address productivity issues, however. “The benefits of a solution based on the SaaS approach directly address the IT productivity issues including ease of implementation, maintenance, troubleshooting and overall effectiveness,” Kleha said. “Thirty-one percent of organizations already use some type of SaaS solution because of the benefits.”

Looking ahead, Google expects the number of threats to stabilize but anticipates a dramatic increase in their complexity. “Businesses will be challenged to identify new and different types of malicious content as well as protect sensitive information against evolving social engineering techniques that circumvent security measures by manipulating or tricking users into disclosing or performing actions that divulge confidential data,” the report said. “To prevent those potential data leaks, we expect organizations to place increased emphasis on outbound security policies and content encryption in the year ahead.”

“The continued growth in electronic messaging—and the accompanying surge in spam—is a consistent and increasingly painful thorn in the side of IT professionals," Kleha said. "In most organizations, it is the IT department that is held accountable for ensuring the security and compliance of their electronic communications, but the obstacles to success are significant."

Kleha said IT professionals are attempting to secure mobile workforces, ensuring both availability and continuity of business processes, meeting compliance goals, planning for disaster recovery, preventing data leakage and protecting internal systems from hackers. “It’s no wonder IT professionals are feeling the pain most acutely in their productivity levels,” she said.