Regulatory compliance remains top concern in 2011

Regulatory compliance will be the top business issue affecting business IT in the next 12–18 months, as risk and complexity continue to grow.

That's among key findings of a major study by the independent IT, security, and audit association ISACA, which surveyed more than 2,400 of its members across 126 countries. Business issues that traditionally challenge ISACA members – such as compliance, governance and information security management – continue to dominate IT professionals' agenda. However, the increase in regulations, data breaches and new technologies, such as cloud computing, and the rise of personal technology in the workplace are making complexity and risk tougher nuts to crack.

"This year's survey shows more clearly than ever that IT cannot be managed in a vacuum," comments Tony Noble, CISA, a member of ISACA's Guidance and Practices Committee and vice president of IT audit at Viacom. "From the growing number of government regulations to consumer privacy concerns to 'hacktivist' attacks, enterprise IT assets are being challenged in ways that go far beyond the server room," he adds.

Noble points out that companies are facing a need to manage growth in a challenging global economy, while simultaneously complying with a growing number of regulations and standards. He cites Basel, Frank-Dodd, PII, Do Not Track, Solvency II and HITECH Meaningful Use, as well as an overall tightening of tax and privacy regulations worldwide, among new or changed regulations expected to impact enterprise IT in the next 12–18 months. Within this topic, the top-ranked technology concern (chosen by 53% of respondents) was segregation of duties and privileged access monitoring, he says.

Noble also suggests that the study reveals a marked perception that the business side of any organisation believes IT is managed in silos. That, he says, "indicates an opportunity for better aligning business with IT to unlock greater value".

Regulatory compliance was the top IT issue, closely followed by enterprise-based IT management and governance. Third was information security management; then disaster recovery and business continuity; managing IT risks at five; vulnerability management sixth; and continuous process improvement and business agility seventh. Just beyond this year's top seven weighted concerns were cloud computing, mobile device management, virtualisation and business intelligence, all of which ISACA expects to rise in importance in future member surveys.