Too Much Emphasis on Tech Makes Security Fail, Survey Finds

A new survey from KPMG has found that data security projects often fail because companies are focusing too much on technology – and not enough on procedures. Will a balance of the two help a project succeed?

In an article on the ComputerWeekly.com website, Karl Flinders says that according to the survey, companies are not addressing procedural changes when introducing projects to secure data.

The survey found that approximately 50 percent of respondents said most projects fail because the business was not ready, compared with 21 percent who said the integration with existing IT was to blame for failures. Fifteen percent cited budgetary constraints, while only 11 percent of respondents said they were satisfied with their identity and access management projects.

Malcolm Marshall, head of information security services at KPMG, told Flinders there is a common misconception that identity and access management is about dealing with user IDs and passwords. “It is 80 percent process, policy and governance, and 20 percent technology. Recent control failures have shown that failing to get the governance of policies and processes right can lead to serious security breaches,” he told Flinders.

To read the full article, click here: http://www.computerweekly.com/Articles/2008/06/16/231073/security-projects-fail-because-there-is-too-much-emphasis-on-technology-survey.htm