Dell Survey Shows IT Professionals Lack Confidence in Ability to Manage Governance, Risk and Compliance in Regulated Industries
Date: 8/11/2014
  • Dell Software survey shows nearly 100 percent of respondents in finance, retail and healthcare industries are worried about capability to meet compliance objectives
  • Significant concern in ability to prevent unauthorized access and changes to data
  • Dell offers solutions and best practice advice to help organizations meet risk and compliance challenges in the GRC landscape

Results of a survey of more than 200 technology professionals charged with maintaining compliance at companies with more than 2,000 employees in the healthcare, retail and financial services industries reveal almost all respondents lack confidence in their ability to address and manage governance, risk, and compliance (GRC).

It's no secret that today's complex GRC landscape is a challenge to understand, implement and maintain, especially in regulated industries where it is likely compliance and security teams are independent of each other. IT professionals face an uphill climb to maintain environments held to standards set by external regulatory control, as well as meet internal policies and best practices set forth by the organization itself. Controls required by regulatory agencies are not just a one-time implementation. Rather, they represent a set of minimum, usually security-based standards that must be maintained and updated at all times to keep the company prepared in the event of an internal or external data breach disaster, which can happen at any time, with little warning.

Some eye-opening findings of the Dell Software commissioned Dimensional Research survey include:

  • 83 percent of respondents believe their organization's security would be improved if the security and compliance teams worked more closely and shared more information
  • Fewer than 50 percent said employees adding new data sources to the environment for compliance and security take the time to inform the security and compliance teams about the new data
  • 59 percent of respondents cited limited manpower, and 49 percent cited growth in the amount of data as the number one and two causes for concern in meeting GRC objectives
  • Organizations are concerned about their ability to prevent unauthorized access and changes to sensitive data, setting them up for a potential data breach.
    • 93 percent of respondents are concerned about their ability to prevent unauthorized changes
    • 22 percent are concerned about unauthorized internal access by employees or consultants
    • 61 percent are concerned about both external and internal unauthorized access
  • Organizations are not confident they are capturing all compliance data needed to maintain regulatory standards, and a large percentage have no consistent process for managing the volume of data required for regulatory control.
    • Less than 50 percent of respondents proactively review, add or remove data sources that are no longer required - putting a large portion of organizations at a much higher risk of security threats while believing they are compliant and secure
    • Only 11 percent of respondents are very confident that their organization is capturing all the data necessary to detect, investigate and determine the root cause of an incident or data breach
    • Less than 50 percent of respondents have a consistent process in place for adding regulatory data sources

Organizations must develop a comprehensive GRC strategy to mitigate the risk of a costly data breach.

A solid governance, risk and compliance strategy calls for compliance and security teams to work together and share information. This helps to ensure your organization is continually compliant, has the maximum level of protection from breaches, and prepares you to handle a potential data breach effectively. Dell Software recommends IT organizations get a better understanding of the value of closer alignment between compliance and security teams and the importance of sharing regulatory information across the teams. There are benefits to regularly and proactively reviewing data sources collected, getting rid of the old, as well as ensuring the right people have the right access to the right information. Remember that de-provisioning is more important than provisioning. There is a benefit to managing access rights properly and an opportunity to share data without providing access to the collecting application or infrastructure. This can be done without providing knowledge about how the data was collected. Finally, don't forget privileged accounts. With access to mission-critical applications and data like credit card information or patient history, these powerful accounts are highly sought-after by external and internal threats alike. It is critical to understand what privileged accounts are in any organization's environment as well as the dangers of setting up access controls and privacy in an inconsistent manner.

Dell Software solutions boost organizations' confidence in their ability to protect sensitive company data and avoid costly data breaches

Dell Software's compliance and identity and access management (IAM) solutions help maintain continual compliance, and protect the organization by giving business owners control of access to sensitive data for internal users, external users, and privileged users. Dell solutions help IT organizations feel confident in their processes for managing the wealth of regulatory data sources, as well as the permissions and access methods for all systems and data that must be accessed for day-to-day operations and their ability to proactively maintain continual compliance.  

  • Dell ChangeAuditor is a compliance solution that helps IT staff, security and compliance officers audit, alert and report on user and administrator activity, configuration and application changes in real-time across the Microsoft-centered enterprise from one central console, ensuring proof to auditors and internal stakeholders that compliance and security policies are enforced throughout the organization.
  • Dell One Identity Manager automates and streamlines access governance, protecting the organization by giving access control to the business owners who know who should have access to which sensitive data, and automates the request-and-approval workflow and attestation/recertification processes, reducing the burden on IT.
  • Dell One Identity Privileged Password Manager ensures that all administrator access is appropriate, approved, and that all activity is tracked and audited.
  • Dell One Identity Cloud Access Manager ensures that access to web-based resources is appropriate, auditable, and follows a unified security policy for users of all types (internal, remote, mobile, and partner/customer)
  • Dell Recovery Manager for Active Directory enables IT to maintain maximum Active Directory uptime and prevent productivity losses due to human error or hardware/software failures

Supporting Quote:

Tim Sedlack, senior product manager, Governance/Risk/Compliance solutions, Dell Software

"Too often, we are seeing security and compliance failures that don't have to happen. Regulated industries like healthcare, retail and financial services have a tough road when it comes to meeting their governance, risk and compliance objectives, and our survey results show they are worried about it. Let's face it - a failed audit can be very costly for any organization. But, with the help of Dell Software's compliance and identity and access management solutions, and by following our best practices for achieving continuous compliance, IT organizations can help their companies maintain a compliance and security orientation that is ready for an audit at any time." 

Supporting Resources:

  • Twitter: http://www.twitter.com/dellsoftware
  • Facebook: http://www.facebook.com/dellsoftware
  • LinkedIn: http://www.linkedin.com/groups/Dell-Software-4793472
  • Dell Software YouTube: www.youtube.com/user/DellSoftwareVideo

Delivering Complete and Connected Software Solutions

Dell Software empowers companies of all sizes to experience Dell's "Power to Do More" by delivering scalable yet simple-to-use solutions that can increase productivity, responsiveness and efficiency. Dell Software is uniquely positioned to address today's most pressing business and IT challenges with holistic, connected software offerings across five core solution areas, encompassing data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, helps customers simplify IT, mitigate risk and accelerate business results.

About Dell

Dell Inc. listens to customers and delivers innovative technology and services that give them the power to do more. For more information, visit www.dell.com.




Dell is a trademark of Dell Inc. Dell disclaims any proprietary interest in the marks and names of others.
