54% of companies comply with HIPAA or plan to do so in the next 12 to 24 months
Sep 24, 2012
SAN FRANCISCO, Sept. 24, 2012 /PRNewswire/ -- InformationWeek Reports (http://reports.informationweek.com), a service provider for peer-based IT research and analysis, announced the release of its latest research report. Compliance in the Cloud Era encompasses analysis of results from InformationWeek's 2012 Regulatory Compliance Survey and offers strategies for addressing regulations in an era where it is increasingly common to grant third parties access to sensitive and critical data. Over 400 business technology professionals responded to this survey.
InformationWeek's survey of 422 respondents subject to regulatory compliance finds that organizations are not just defining security policies, but doing the challenging work of implementing controls to support them. When asked the top three security controls they would choose to fund, 43% selected endpoint protection (a regulatory requirement under Payment Card Industry and HIPAA regulations as well as multiple other mandates), 38% said application firewalling (a PCI requirement), and 31% selected identity management (supports numerous access-control requirements across a broad swath of regulations).
- 58% identify fear of legal repercussions or fines as the top driver for compliance initiatives.
- 78% have sufficient personnel, money and other resources to address compliance needs or are very near the mark.
- 94% include specific security language in either all (48%) or some (46%) vendor contracts.
- 69% address compliance requirements in contracts with compliance-sensitive vendors; 62% include specifications for breach disclosure and incident response.
The report was co-authored by Diana Kelley, a 20-year veteran of the IT industry and a partner in and co-founder of research and consulting firm SecurityCurve, and Ed Moyle, a security strategist with Savvis' information security practice.
For full access to the research data, members can download now: http://reports.informationweek.com/abstract/14/8935/Regulatory-Compliance/research-compliance-in-the-cloud-era.html?cid=CYNC
"Compliance is no longer just about implementing controls in response to regulations," says Lorna Garey, content director of InformationWeek Reports. "The way enterprises consume IT services has changed—primarily with the use of cloud providers and increases in outsourcing—making security and regulatory compliance among supply chain partners increasingly important."