75% of respondents say implementing a meaningful data privacy program is a competitive difference in their space
SANTA CLARA, Calif., June 22, 2022 (GLOBE NEWSWIRE) – Baffle today released a report titled “Using the Compliance Budget to Advance Security Priorities,” detailing insights and trends related to compliance, security and privacy. The survey polled more than 200 technology leaders from medium to large-sized organizations across North America, representing more than 10 industry verticals.
Baffle -sponsored research, conducted by analyst firm Enterprise Management Associates (EMA), examines the impact of the budget on adherence to security strategy and priorities. It describes the areas where companies prioritize information security and compliance, which leaders control information security spending, how compliance has shifted the organization’s overall security strategy, and the solutions. and tools by which organizations focus their spending on technology.
“This study confirms our long-standing theory that when security and compliance have a unified approach and perspective, every department and employee within the organization will benefit, as well as the business customer,” Christopher said. M. Steffen, CISSP, CISA, managing research director of EMA. “Most organizations view compliance and compliance -related activities as” the value of the business, “something they need to do in order to conduct operations in certain markets. More and more, organizations are moving forward. that mindset is looking for ways to maximize their competitive advantage in their markets and having the best data privacy program or compliance program is something that smarter customers are interested in, especially in organizations with global reach.Compliance is no longer a “table stakes” measure: comprehensive compliance programs focused on data security and privacy can make a difference in very tight markets and are often a deciding factor for organizations that choose one vendor over another. ”
The findings cover three critical components of an organization’s security and compliance posture: information security and IT auditing and compliance, data security and data privacy, and security and compliance spending. Here are the top insights from each.
Information Security and IT Audit/Compliance Trends
An important takeaway is that the integration of security and compliance priorities addresses regulatory control gaps while improving the organization’s security posture. Respondents shared insights into how they manage compliance, who is responsible for compliance and security responsibilities, and what compliance -related security challenges organizations face. Additional findings:
-
Companies see the need to shift their information security strategy to meet compliance priorities (93%)
-
Information security and IT compliance priorities are generally aligned (89%)
-
Current security tools need to address data privacy considerations in the future (76%)
-
Managing an organization’s multiple IT environments and the controls that govern those environments is the biggest challenge in the IT audit and compliance space (39%)
Data Security and Data Privacy
Data security and privacy are central to information security and regulatory compliance. According to the study, data privacy regulations, such as the EU’s General Data Protection Regulation or the California Consumer Privacy Act, are key considerations for business and technology leaders. In the absence of a national privacy referendum, five states have already established individual privacy laws. Other results include:
-
Organizations believe that implementing a meaningful data privacy program is a competitive difference (75%)
-
Organizations use or seek to use a regulatory compliance program as a competitive distinction (68%)
-
Respondents seek tools to address data privacy controls (75%)
-
Companies are changing their organizations ’information security strategies to meet data privacy regulations (59%)
-
Companies use data classification or data privacy security -centered approach (54%)
-
Data security-and the tools and data encryption-their most important security challenge (38%)
Security and Compliance Spending
Given the growing concern with maintaining compliance, it is not surprising that the study found that companies invest heavily in data security and privacy tools and they spend the least on solutions to the point. In addition, the chief information officer (CIO) is likely to be responsible for budgeting the security investment and IT compliance. The CISO (for security) and the chief compliance officer (for compliance) have significant influence on their respective budgets. Additional insights include:
-
Companies currently or will make significant investments in data privacy and data loss prevention (98%)
-
Respondents have increased IT investments, information security, and IT compliance in recent years (75%)
-
Most information security budgets are between $ 50,000 and $ 5 million on information security (61%) and roughly the same for IT auditing and compliance (58.8%)
-
Future budgets increase moderately or partially for information security and security consulting (74%) and IT auditing and compliance (66%)
“Data responsibility is a competitive advantage. As this research shows along with EMA, companies are realizing that it is critical to align security and compliance resources,” said Ameesh Divatia, co-founder and CEO of Baffle. “It’s exciting to know that IT practitioners take compliance seriously, and this mindset is shaping their security and investment strategy. The environment is perfect for change because these practitioners evaluate the tools that improve their posture. security to comply with data privacy regulations.And with data privacy regulations moving lockstep compliance with security, the work done today to manage the complexity of compliance will only benefit one organization and to its long -term business customers. “
Visit the company Blog and download report on the Baffle website to read more about the methodology and study results.
About Baffle
Baffle protects data in the cloud through “no-code” and “low code” data security mesh. The solution provides universal data protection to secure data wherever it resides and as it is used in distributed data environments. Companies can control who can see what data has this layer of security without impacting performance on the user experience. Proven in large-scale environments, the Baffle Data Protection Service only de-identifies sensitive information with its rapid processing in the cloud. Without application changes, security teams can move sequentially with business initiatives to move data and workload to the cloud faster. Investors include Celesta Venture Capital, National Grid Partners, Lytical Ventures, Nepenthe Capital, True Ventures, Greenspring Associates, Clearvision Ventures, Engineering Capital, Triphammer Venture, ServiceNow Ventures [NYSE:NOW], Thomvest Ventures, and Industry Ventures. Follow us on Twitter at LinkedIn.
Please contact
David Dinerman
Look at Left Marketing
[email protected]