Industry Research : Tufin Survey Highlights The Need To Automate Compliance Audits
Tufin Technologies, provider of Security Policy Management solutions, today announced the results of a survey assessing how the recently announced updates to EU Data Protection legislation will impact IT compliance efforts. 42% of the 100 network security managers sampled by the firewall management software provider said the proposed changes led to increased risk awareness within their organization; 34% stated that their attitude towards Continuous Compliance had changed as a result, and 54% believe that automating audits would reduce the organization’s risk of violating the law.
"While 29% of respondents have partially automated compliance audits, those processes that are not automated run the risk falling out of compliance the moment after the auditor signs off on the audit," said Shaul Efraim, vice president of Marketing and Business Development for Tufin Technologies. "Many of our customers experienced that scenario when they first began their PCI DSS compliance efforts. Organizations that use our software to automate the firewall audit process report they have much more control over the aspects of PCI DSS that we address, which aids their ongoing compliance efforts. Tufin’s automation can deliver the same value to any organization that will need to comply with future changes to EU data protection and privacy laws."
Tufin executed this survey in response to the January 2012 announcement by European Commissioner for Justice that outlined plans to enhance data protection rights for individuals across Europe and increase the responsibility and accountability of organizations handling records containing the information of EU citizens. If adopted, the new legislation would apply to all organizations that do business in Europe.The draft guidelines reflect a growing concern about the way in which personal details are captured, handled and stored in today’s highly complex information age. Proposed changes include severe fines of up to 2% of revenues for privacy violations and a requirement that, under certain circumstances, organizations report privacy breaches to authorities and affected individuals within 24 hours of the breach being noticed.
Tufin asked respondents what they felt was best way to reduce the risk of a fine due to non-compliance. Feedback from survey respondents was just as interesting as the statistical data: one IT security professional said that good company security standards would assist in this regard, while another professional favored a strict compliance strategy, with "data security awareness program across the organizations - and online monitoring of compliance checks - helping in reducing the risk of fines due to non-compliance." Another IT security professional was in favor of even more draconian penalties, pressing for legislation that directly (financially) penalizes staff for actions that cause a breach.
Today's Tip of the Day - 5 Ways To Start Motivating Agents Today!
More Editorial From Tufin Technologies
Published: Friday, March 9, 2012
Semafone provides secure voice transactions for contact centres and retailers taking Cardholder Not Present (CNP) payments. The solution allows a call - and the call recording - to continue as normal ...
NICE (NASDAQ: NICE), is a worldwide provider of intent-based solutions that capture and analyze interactions and transactions, realize intent, and extract and leverage insights to deliver impact in re...
Noble Systems Corporation is a global provider of contact center, workforce engagement, and analytics technologies, offering premise, cloud, and hybrid platforms. Noble Systems has been providing inno...
|Genex Infosys Limited|
Genex Infosys is managed by a group of young and dynamic people having extensive knowledge and global exposure in the field of BPO and IT services. Genex is the largest BPO Company in Bangladesh is an...