Regulatory compliance will be the top business issue affecting enterprise IT in the next 12 to 18 months, according to security group ISACA.
The survey of more than 2,400 IT security professionals reports that an increase in regulations, data breaches and new technologies such as cloud computing and the rise of personal technology in the workplace are accelerating complexity and risk.
Enterprises are facing a need to manage growth in a challenging global economy while at the same time comply with a growing number of regulations and standards. New or changed regulations expected to impact enterprise IT in the next 12 to 18 months include Basel, Frank-Dodd, PII, Do Not Track, Solvency II and HITECH Meaningful Use, as well as an overall tightening of tax and privacy regulations worldwide. Within this topic, the top-ranked technology concern (chosen by 53% of respondents) was segregation of duties and privileged access monitoring, the ISACA survey reported.
"This year's survey shows more clearly than ever that information technology cannot be managed in a vacuum. From the growing number of government regulations to consumer privacy concerns to hacktivist attacks, enterprise IT assets are being challenged in ways that go far beyond the server room," said Tony Noble, CISA, a member of ISACA's Guidance and Practices Committee and vice-president of IT audit at Viacom.
"Occurrences such as WikiLeaks, the Zeus botnet and an overall rise in identity theft show in 2010 that the variety and volume of threats is on the upswing. Security is everyone's business, not just IT's. This area will continue to be a losing battle if organisations do not get top-down commitment," said Greg Grocholski, CISA, director at ISACA and corporate auditor at The Dow Chemical.