How to survive a compliance audit

Ipswitch polled 313 IT professionals in United States with 59 percent noting that they were not fully prepared to undergo an audit. Additionally, 75 percent of respondents lacked confidence that colleagues authorized to work with sensitive information are adequately protecting it.

When asked what they would be willing to do instead of a compliance audit, nearly half of all respondents (46 percent) would either undergo a root canal procedure, work over the holidays, live without electricity for a week or eat a live jellyfish.

As challenging and costly as audits can be, in particular when it comes to allocation of resources as the respondents reported, David Canellos, CEO of Perspecsys, believes it is important that companies are able to show an auditor early in the process that data has been encrypted or tokenized across the vast majority of systems – within an enterprise as well as their cloud apps.

“IT pros face a two-part challenge. They have to get a handle on classifying and ensuring that all users know what data the enterprise deems to be sensitive and then they need to provide tools, whether the data is on-premise or in the cloud, to ensure it can be encrypted without causing business operation hiccups. If the security approaches create operational issues for end-users of data they will do their best to figure out a way around them. Techniques such as on-the-fly tokenizing or encrypting data that policies identify as sensitive can help make the use of cloud applications much more manageable,” Canellos added.

IT professionals are unprepared for audits and lack confidence in user security:

• More than half of IT professionals (59 percent) admit they are not prepared to undergo a compliance audit today
• 75 percent of respondents are only somewhat confident or not confident at all that colleagues authorized to work with sensitive information are being cautious and taking the steps to fully protect that data
• One-third of IT professionals (34 percent) believe data loss prevention is the most important security measure for their organization followed by security policies (24 percent), data encryption (18 percent), tracking and reporting (18 percent) and identity management (six percent).

Compliance audits are disruptive and consume significant IT resources:

• 52% of IT professionals find the allocation of IT resources is the costliest part of a compliance auidt
• Another 18 percent of respondents point to critical project delays, while 13 percent say just the emotional strain and stress alone is the costliest part of an audit.

IT professionals would rather undergo a root canal procedure than endure a compliance audit:

• About 1 in 5 IT professionals polled (18 percent) would rather undergo a root canal procedure than a compliance audit, followed by 15 percent of respondents who would rather work during the holidays than participate in an audit
• Eight percent would live without electricity at home for a week and five percent would even eat a live jellyfish rather than endure a compliance audit.