Security experts estimate that compliance pressures will force over 90% of companies to adopt a unified solution to manage information risk across the enterprise and reduce costs associated with standards and legislation.
Toronto, March 13 2008 — Toronto-based Informatica Research has announced that the vast majority of organizations currently adopting information risk management, security management, privacy fair information practices and business continuity planning are implementing overlapping and redundant controls.
Informatica’s president, Claudiu Popa is an authority on information risk management and sees the issue as a problem directly related to de-centralized IT governance and wrongsourcing: “The security and privacy controls behind many companies’ efforts to comply with standards and legislation are overlapping. We are seeing this only a third of the time now, but this number will grow to 75% or 80% over the next 12 months. We are seeing a lot of wasted effort in up to 90% of cases, multiple initiatives implementing similar controls, mounting costs related to monitoring, testing and remediation. Generally speaking, when executives delegate compliance responsibilities and in-source complex information risk initiatives, you’re going to have a problemâ€.
Overlapping controls, such as those implemented to support legislative requirements for PCI DSS, GLBA, Sarbanes-Oxley/Bill 198 and diverse privacy requirements can put an unbearable burden on IT and operational resources – in over 60% of cases – to the point where at least one of two situations occurs: productivity and profitability are impacted at the enterprise level or the effectiveness of the company’s security and privacy activities is reduced because such intense effort is not sustainable. Many companies compound the problem by wrongsourcing: outsourcing their core competencies and in-sourcing complex, specialized projects involving information security and privacy compliance.
Mr. Popa believes that over the next 12 to 18 months, enterprises will turn to unified compliance solutions for efficiency, effectiveness and cost savings: “We are seeing a lot of interest and a few groundbreaking projects involving unified compliance. This makes sense, because we have already done the work of mapping controls to aggregated compliance requirements, so the incremental cost savings are phenomenal while the costs of monitoring and enforcement have dropped proportionally.†Informatica offers a Unified Compliance Framework and a Unified Privacy Framework to streamline information security and information risk management efforts. This solution looks directly at the underlying key controls that satisfy compliance requirements and matches them with those that need to be in place for other structured frameworks, standards and best practices.
Informatica’s management consultants, IT experts, information risk professionals are certified and experienced in the delivery of flawless compliance solutions whose applicability ensures immediate cost savings along with a scalable framework that spans the enterprise. Informatica’s exceptional Unified Compliance solutions for information security and privacy are the most advanced solution of its kind and deliver between 25% and as high as 82% in cost savings over traditional risk management approaches. The FlexProtect 365™ security management framework is the overarching solution that centralizes efforts, consolidates communications and risk-related operations while keeping costs low to maximize value delivery through optimized information risk management.
The core of the unified compliance solution is the process by which business objectives are derived from the strategic direction that is driven by compliance requirements. Once key controls are derived, they are matched to Informatica’s proprietary database of policies, procedures and processes to ensure that each one is acceptable by professional auditors and evidence collection is both sufficient and adequate to support monitoring requirements. Complete information risk solutions are available to any organization or government entity but are absolutely critical for companies that collect and use sensitive client data. Informatica Research shows that organizations that even partially implement unified compliance, whether for security or privacy purposes are seeing efficiency gains and cost savings of 25% within the first 3 months and approaching 50% after 7 months.
FlexProtect 365â„¢ Security Management Framework
Informatica Security’s FlexProtect 365™ is a the evolution of the company’s proven security management suite that encompasses all aspects of information risk, security and privacy practices, legislative compliance and staff education. Companies regard FlexProtect 365™ as the path of least resistance to traditionally lengthy and costly efforts towards compliance with such diverse standards as PCI DSS, HIPAA, PIPEDA, Sarbanes-Oxley and GLBA. IT and security governance, decision support, incident management, business continuity and disaster recovery, physical and logical security are all addressed under the FlexProtect 365™ umbrella. This cohesive set of enterprise activities calculated to maximize compliance effort effectiveness, budgetary efficiency, technical capability and human resource allocation. FlexProtect 365™ is the only solution that combines enterprise capabilities with Informatica’s domain leadership to reliably deliver complete, on-going protection across the enterprise.
About Informatica Security Corporation
Informatica Security and Privacy is a leading information risk management consulting firm focused on providing unmatched expertise to enable client organizations to control and mitigate information security risks, meet compliance challenges, alleviate the effects of wrongsourcing and adopt proven standards and best practices for exceptional governance. The firm’s FlexSecure™ risk assessments and professional audits, FlexProtect™ security management, STORM™ (Scalable Techniques for Operational Risk Management) and WorkLife™ Enterprise Risk Education solutions are proven best-of-breed solutions that scale to meet the business and compliance requirements of diverse industries.
For additional information, please contact Informatica at 416-431-9012 or visit www.SecurityandPrivacy.com and www.InformationSecurityCanada.com.
For Unified Compliance solutions visit:
http://www.informaticasecurity.com/solutions/unified_compliance.html
Informatica Security and Privacy, Informatica Education, Informatica Research, the Informatica logo, FlexSecure™, FlexProtect™ and WorkLife™, VirtualCSO™ and VirtualCPO™ are trademarks or service marks of Informatica Corporation. All Informatica white papers, proprietary research, Web site content, presentations, communications, policies and Informatica-branded documentation are Copyright © Informatica Corporation and permission must be specifically granted for use by any party. All other brands or product names are trademarks of their respective companies, organizations or standards bodies.
For media enquiries and solution requests contact:
Claudiu Popa, CISSP, PMP, CISA
President & CSO, Informatica Corporation
416-431-9012 [email protected]
CO: Informatica Corporation Information Security/Risk Management
ST: Ontario
IN: HTS
SU:
Contact:
Claudiu Popa
President & CSO,
Informatica Corporation
Toronto, Ontario,
Canada
416-431-9012
[email protected]
http://www.informaticasecurity.com
