Security Best Practices A Big FAIL In Most Organizations

Published: 22/11/2024   Category: security




Enterprises, government agencies mostly missing the boat in proper security practices



New data released today reveals how enterprises and government agencies are failing to adopt best practices for security: nearly all of the 420 organizations that participated in the survey were at some risk in security or compliance.
The Echelon One/Venafi-sponsored survey, 2011 IT Security Best Practices Assessment, was based on 12 best security practices defined by Echelon One.
Here's how the organizations fared in the top five best practices:
Some 77 percent don't perform quarterly security and compliance training; 64 percent don't encrypt all of their cloud data and cloud transactions; 82 percent don't rotate their SSH keys every 12 months; 55 percent don't have a process in place in the event of a certificate authority compromise; and 10 percent don't use encryption throughout their organizations.
"Training once a year is not enough. It has to be done on a regular basis, and quarterly is best," says Bob West, founder and CEO of Echelon One, who says he was shocked by the high rate of failure in the survey. "But 77 percent are not doing this."
Jeff Hudson, CEO of Venafi, says the good news from the survey is the widespread use of encryption. "But it's incredibly poorly managed. SSH keys are a mess," he says.
"Very few are thinking about encrypting data as it goes in the cloud. Ninety percent say they use encryption throughout the organization, but that number falls off drastically when data goes into the cloud," Hudson says. "As apps and data move into the cloud … there's not a well-developed thought process on how to protect data under your direct control."
"People are not planning for compromises, and the biggest ones were when people were caught flat-footed, especially with a CA room compromise, and the Comodo RA compromise, for example," he says.
Among the other findings from the survey: 40 percent of the respondents didn't know whether their organizations encrypted their data in Google Apps, Salesforce.com, or Dropbox, and 41 percent didn't know how often their SSH keys were rotated. Around 10 percent aren't using encryption in authentication.
Venafi and Echelon One are now offering a free self-assessment survey for organizations to measure their best practices status here, as well as to obtain a copy of the full report.
