Deceptive IT practices put audits at risk

Wednesday 28 September 2011

On average IT security staff spend about 30% of their time on the mundane task of preparing for audits

Reading, Berkshire: Osirium (www.osirium.com), a leader in Privileged User & Infrastructure Management, has today released findings from a new, independent, security-focused research report. The study was commissioned by Osirium to highlight IT practices with hidden and potentially serious consequences that would have a major impact on businesses.

The most significant and worrying finding, according to David Guyatt, CEO at Osirium, was that “over 70% of those surveyed admitted that system administrators often make uncontrolled IT changes immediately prior to audits in order to meet compliance, after which they then let these changes lapse. If the auditors knew this was the case, they would surely fail the audit in the first place.”

These findings appear to suggest that organisations are willing to accept the risks associated with making such informal and uncontrolled changes rather than dealing directly with the costs of repeating failed audits, which would also impact on resources and on the performance and analysis reports presented to senior management.

The report also highlights that IT staff typically spend as much as 30% of their time preparing for, and delivering, audits, while less than 20% of the organisations polled fully automate the gathering of data for such audits. Fewer than 10% of those questioned said that they automate the remediation of audit gaps.

“On average IT security staff spend about 30% of their time on the mundane task of preparing for audits,” said Bob Tarzey, Analyst and Director at Quocirca. “This new research shows that in many organisations it is senior IT staff that end up manually collecting much of the required data.
If the task could be undertaken automatically they would be free to focus on more productive activities.”

“All of these issues have an underlying cause which revolves around the inability of organisations to automate compliance-related activities and tasks,” continues Guyatt. “The technology is already available to automate these tasks, perform internal compliance audits and remediate gaps to ensure organisations remain compliant between audits. If they used Osirium they wouldn’t have to dedicate so much time preparing for audits and making all those informal and uncontrolled changes, which are deemed non-compliant practices anyway.”

About the Research

The research was completed by Quocirca in August 2011 and 100 interviews were collected. At the time of answering the questions, those surveyed were not aware that the research was being conducted on behalf of Osirium. Respondents were qualified as follows:

– Must be involved in IT management with one of the following job functions: IT manager, IT security manager, IT infrastructure manager
– Must answer yes to: “are you involved with, or knowledgeable in how your organisation views and manages issues relating to privileged users (that is how the granting of the extra privileges that IT administrators require to do their jobs is controlled), the automation of IT admin tasks and how these issues relate to your organisation’s ability to meet the regulatory requirements that govern it?”

About Osirium

Osirium drives down operational risk and eases the pain of managing and maintaining multi-vendor IT infrastructures by providing a central, secure access point and a “built-in” best practice foundation which tracks all SysAdmin changes in the infrastructure and enables you to easily meet and maintain compliance.
Osirium dramatically improves productivity and reduces human error by automating routine and repetitive SysAdmin tasks and delegating them to less costly help desk staff, to provide faster problem resolutions with fewer errors. Osirium is establishing itself as a new and unique IT infrastructure security solution and is already helping some of the world’s biggest brands and public sector bodies.

For more information please see: www.osirium.com

Media contact:
Clare Shephard
maillot jaune communications
tel: 07736 793332
eml: email@example.com

Osirium contact:
Andre Armstrong
tel: 0118 324 2444
eml: firstname.lastname@example.org

This press release was distributed by ResponseSource Press Release Wire on behalf of Maillot Jaune Communications in the following categories: Business & Finance, Computing & Telecoms. For more information visit https://pressreleasewire.responsesource.com/about.