Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, July 23, 2007

Report: 90 percent of companies fail compliance to data-handling regulations

A recent InfoWorld article (by Matt Hines) titled “Report: 90 percent of companies fail compliance” offers an interesting preview of the findings of an IT Policy Compliance Group report, to be published on July 18:
“The consortium of IT compliance and security experts concludes that some 90 percent of all businesses still do not have sufficient policies in place to meet data governance regulations and adequately limit the risk of a breach. In the survey of 475 companies, a third of whom reported revenues of more than $1 billion last year, the industry group found that an overwhelming majority of the firms expect to deal with at least six business disruptions related to major data incidents per year along with five or more instances of information loss or theft.
While businesses continue to invest in policy enforcement software, and other technologies aimed at helping them meet data-handling regulations, said James Hurley, managing director of IT Policy Compliance Group, most are still struggling to fill all the gaps left in their systems that leave them open to potential incidents.”
These findings do not surprise me too much. I believe that the areas of data-handling management (in a policy-compliant way) and policy enforcement are very complex and still open to research and contributions.
In particular, I see opportunities in the space of “Federated Policy Management”, i.e. how to model, federate, align, manage, enforce and monitor (heterogeneous) policies across multiple IT layers (systems, data repositories, middleware, applications/services, etc.) – when dealing with sensitive information and data. Another important area is how to effectively track the location and storage of sensitive data in complex and distributed organisations, along with related data flows.
