CIO

Tech pros in healthcare, retail and finance admit they are failing on data compliance

Not enough manpower and too much data growth

Most technology pros charged with maintaining compliance at tightly regulated healthcare, retail and financial organisations admit they are failing.

Dell questioned 200 compliance technology professionals and found this worrying trend in the governance, risk and compliance (GRC) area.

The survey found that 83 percent of respondents believed their organisation's security would be improved if the security and compliance teams worked more closely and shared more information.

Fewer than 50 percent said employees adding new data sources to the environment for compliance and security take the time to inform the security and compliance teams about the new data.

And 59 percent of respondents cited limited manpower, and 49 percent mentioned growth in the amount of data, as the number one and number two causes for concern in meeting GRC objectives.

Organisations are also concerned about their ability to prevent unauthorised access and changes to sensitive data, setting them up for a potential data breach.

The survey found that 93 percent of respondents are concerned about their ability to prevent unauthorised changes, and 61 percent are concerned about both external and internal unauthorised access.

In addition, organisations are not confident they are capturing all compliance data needed to maintain regulatory standards, and a large percentage have no consistent process for managing the volume of data required for regulatory control.

Fewer than 50 percent of respondents proactively review or remove data sources that are no longer required, putting a large portion of organisations at a much higher risk of security threats. And only 11 percent of respondents are very confident that their organisation is capturing all the data necessary to detect, investigate and determine the root cause of an incident or data breach.

Fewer than 50 percent of respondents have a "consistent process" in place for adding regulatory data sources.

Tim Sedlack, senior product manager for GRC solutions at Dell, said: "Too often we are seeing security and compliance failures that don't have to happen.

"Regulated industries like healthcare, retail and financial services have a tough road when it comes to meeting their governance, risk and compliance objectives, and our survey results show they are worried about it."