Wednesday, April 7, 2010

Wasted Effort - Compliance Does Not Equal Security

A recently published report by Forrester, sponsored by security company RSA, assessed the data security practices of enterprises. Enterprise security programs protect two types of data: secrets (assets that confer a competitive advantage) and custodial data (assets that they are compelled to protect). What the report found is that when enterprises are over focused on compliance they neglect protecting the secrets. As an example, enterprises devote 40% of their security budgets to compliance management, but secrets consist of two-thirds of a company's information portfolio.

No comments:

Post a Comment