Study spotlights shoddy IT security planning

Wednesday, January 26, 2011

Chilean firms are rife with IT security planning errors, but have made strides in disaster preparation, Ernst & Young (E&Y) Chile risk and management advising partner Andrés Acuña told BNamericas.

Acuña based his remarks on the Chile-focused edition of the international study "Borderless Security, Global Information Security Survey." The full study on Chile will be published this March, but BNamericas was provided advanced access to the investigation's preliminary findings.

The inquiry showed that Chilean companies' IT security problems do not lie as much in the lack of dollars, but rather in the lack of human sense.

Start your 15 day free trial now!


Already a subscriber? Please, login

E&Y found that 58.3% of companies surveyed have increased IT security spending as a percentage of overall budget during the last five years, while 27.8% have maintained their security budgets and 13.9% have slashed such spending.

"But they are committing the same errors that they made almost 30 years ago in terms of not defining the project well enough and leaving security as the last priority," Acuña said. "There's a lack of planning, project structuring and correct measurement of the project's impact."

The analyst said that last year's change in government still has public sector officials playing catch-up in terms of IT security planning.

"They are focused on understanding the processes and technologies associated with their ministries," according to Acuña. "The complexity of what they are taking over still has them looking [and saying], 'What is that?' Consequently, there is a lack of concern for security."

Breakneck adoption of mobile devices and new technologies such as virtualization are seen creating additional IT security headaches, according to the executive.

"There is a substantial change that has to do with mobility. This is a trend that all workers dedicated to security will have to suffer through," he said. "Today, everything is virtual. ... For everything that is virtualized and appears and disappears, how do you check all of that?"


On the positive side, Chilean companies have pushed ahead in implementing disaster contingency plans, especially in the wake of last year's magnitude-8.8 earthquake.

E&Y found that operational continuity represents a significant focus point, with 22% of Chilean firms reporting that this area figures among their top five IT security concerns, followed by data loss and operational risks, both of which were cited by 16.1% of firms.

"What they have done is create contingency plans that they never had," Acuña said. "There was more awareness among data center providers because of the problems that had arisen there."

E&Y's study surveyed 53 Chilean firms from a variety of vertical markets. The investigation was carried out between January 12 and 18.