64 per cent of UK firms jeopardise IT security and compliance, survey reveals


IT management software giant CA says that a staggering 64% of UK firms have not deployed data loss prevention (DLP) technology, and so are risking compliance, damage to brand reputation and reduced competitiveness.

That's the headline figure from its European IT security study, which also reveals that the UK lags countries such as France (23%), Ireland (50%), and Italy (60%). Without taking the necessary steps to identify sensitive data throughout the enterprise and protect it from loss or misuse, UK companies are putting themselves at risk, says Simon Godfrey, director, information security, risk and compliance at CA.

According to the study, IT departments across the UK are struggling to deal with compliance issues, such as the payment card industry data security standard (PCI DSS) and the ISO 27001 information security standard. Surprisingly, they are unaware of how technology could help, and many are unable to convince the business of the inherent risks to justify the required investment. This is despite the fact that many UK organisations expect data privacy and national security to be the two areas of regulation that will impact them the most in the next five years.

Further, with more organisations adopting cloud computing to process and store data on an infrastructure managed by third parties, the need to apply security policies at the data level is stronger than ever. The CA survey highlights that IT security is a key factor in enabling the safe use of cloud computing. DLP tools help with understanding the sensitivity of data and enable real-time decisions to be made about what is, and what is not, allowed to be processed and stored in each cloud environment, explains Godfrey.

The survey shows that a lack of time, a 'lack of compliance vision', and scarce resource availability mean that IT managers find it difficult to address many compliance issues. Godfrey insists that all of these problems would easily be solved if organisations could track and control their data more effectively. However, it would not appear to be a priority: the research reveals that 'tracking the use of data' is believed to be less of a hindrance to compliance among UK organisations.

"The survey findings provide clear and timely evidence that UK organisations require DLP technology in order to effectively support their compliance requirements, protect their brand value, and maximise competitiveness," says Godfrey. "As network perimeters continue to blur, it is clear that security needs to be applied to the data throughout its lifecycle. Information needs to be understood with policies applied to enforce who can use it and how," he adds.

His view: "Linking DLP with IAM provides the right combination to achieve this, allowing organisations to discover, monitor and control critical information wherever it is located, while ensuring that the information is only used by the right individuals in the right way and according to their roles and privileges."

Bob Tarzey, analyst and director with Quocirca, comments: "Recent high profile data breaches demonstrate that electronically-stored data is often insufficiently cared for. This failure to protect data is costly, not least because of the level of fines now being imposed by regulators.

"On top of this there is the reputational damage and loss of competitive advantage that usually ensue. The technology exists today to link the use of data to people through enforceable policies."

The research for 'You sent what? Linking identity and data loss prevention to avoid damage to brand, reputation, and competitiveness' was conducted by Quocirca, with 270 IT directors, IT security managers, and other IT managers in 14 countries including Belgium, Denmark, Germany, Finland, France, Ireland, Israel, Italy, the Netherlands, Norway, Portugal, Spain, Sweden and the UK.