Many IT Pros Ignore Corporate Security Policies
One of the inescapable realities of enterprise cyber-security is that a huge gulf exists between what companies should do to protect their IT systems and data and what actually takes place. A recent research report released by Absolute Software, "IT Confidential: The State of Security Confidence," illustrates the extent of the problem. The endpoint security and data risk management firm polled more than 500 U.S. employees who work in an IT or information security role and asked them about their security practices. The study found that, among other things, a shockingly high percentage of IT professionals admitted that they did not follow the same security protocols that they enforce on other employees. Many said they also intentionally circumvent key security policies. Consequently, many organizations—while placing a premium on security—expose themselves to significant risks. "Given that IT is the security gatekeeper for an organization, it was alarming to see such a high incidence of non-compliant behavior by IT personnel," reported Stephen Midgley, vice president of Global Marketing for Absolute.