
2011 IT Security Best Practices Baseline Assessment

Best Practices baselines and evaluation criteria developed in conjunction with Echelon One

Key Best Practices and Findings

Perform quarterly security and compliance training
FAIL! 77% fail to meet security awareness and compliance training best practices
This finding demonstrates a need for security and compliance technologies that can make up for training failures.

Have a management process in place to ensure business continuity in the event of a CA compromise
FAIL! 55% fail to meet certificate authority (CA) compromise recovery plan best practices
Digital certificates are one of the most ubiquitous security technologies in use today. Recent CA compromises such as Comodo demonstrate that CAs can and will be compromised. Using a CA is half the battle; to further reduce risk, you must have a backup plan in place.

Encrypt all cloud data
FAIL! 64% fail to meet cloud data encryption best practices
Salesforce.com, Google Apps and other cloud applications do not encrypt by default, leaving information open to a successful hack. Third-party technologies available can enhance cloud data security and privacy by providing data encryption.

Rotate SSH keys once every 12 months to mitigate risk incurred by the average employee life cycle of 2 years of service
41% do not know how often they rotate SSH keys
SSH keys are by and large the keys to the kingdom: they allow access to critical systems and data, and not rotating keys can increase the risk significantly. Enterprises that do not rotate keys probably do not understand their significance or that there are technologies available that can automate the process.

Use encryption throughout the organization
90% use encryption for data security and systems authentication
At face value, this finding seems encouraging; however, failure to implement best practices can turn encryption into a liability.

Best Practice 1
Perform quarterly security and compliance training
Monthly 6%
Quarterly 17%
Annually 55%
Upon Hire Only 7%
Never 4%
Don't Know 11%
- 23% perform quarterly security and compliance training
- 77% do not perform quarterly security and compliance training
- 11% don't know
Where do You rank? SCORE :

Best Practice 2
Encrypt all data stored in public and private clouds
Yes 36%
No 24%
Don't Know 40%
- 36% encrypt data in the cloud
- 64% do not or don't know if enterprise data stored in the cloud is encrypted
Where do You rank? SCORE :

Best Practice 3
Use encryption throughout the organization
Yes 90%
No 10%
- 90% of organizations are using encryption keys and certificates for data security and protection of system-authentication sessions
Where do You rank? SCORE :


shared by PixelRoad on Dec 29

Publisher

Echelon One

Designer

InfoGlyphs

Category

Technology