35% Of Organizations Must Comply With Four Or More Mandates, According To New InformationWeek Reports Research

54% of companies comply with HIPAA or plan to do so in the next 12 to 24 months

Sep 24, 2012

SAN FRANCISCO, Sept. 24, 2012 /PRNewswire/ -- InformationWeek Reports (http://reports.informationweek.com), a service provider for peer-based IT research and analysis, announced the release of its latest research report. Compliance in the Cloud Era encompasses analysis of results from InformationWeek's 2012 Regulatory Compliance Survey and offers strategies for addressing regulations in an era where it is increasingly common to grant third parties access to sensitive and critical data.  Over 400 business technology professionals responded to this survey.    

(Photo: http://photos.prnewswire.com/prnh/20120924/SF79774-INFO)

Research Summary:

InformationWeek's survey of 422 respondents subject to regulatory compliance finds that organizations are not just defining security policies, but doing the challenging work of implementing controls to support them.  When asked the top three security controls they would choose to fund, 43% selected endpoint protection (a regulatory requirement under Payment Card Industry and HIPAA regulations as well as multiple other mandates), 38% said application firewalling (a PCI requirement), and 31% selected identity management (supports numerous access-control requirements across a broad swath of regulations).


  • 58% identify fear of legal repercussions or fines as the top driver for compliance initiatives.
  • 78% have sufficient personnel, money and other resources to address compliance needs or are very near the mark.
  • 94% include specific security language in either all (48%) or some (46%) vendor contracts.
  • 69% address compliance requirements in contracts with compliance-sensitive vendors; 62% include specifications for breach disclosure and incident response.

The report was written by co-authors, Diana Kelley, a 20-year veteran of the IT industry and a partner in and co-founder of research and consulting firm SecurityCurve, and Ed Moyle, a security strategist with Savvis' information security practice.

For full access to the research data, members can download now: http://reports.informationweek.com/abstract/14/8935/Regulatory-Compliance/research-compliance-in-the-cloud-era.html?cid=rpt_press_rls

"Compliance is no longer just about implementing controls in response to regulations," says Lorna Garey, content director of InformationWeek Reports. "The way enterprises consume IT services has changed—primarily with the use of cloud providers and increases in outsourcing—making security and regulatory compliance among supply chain partners increasingly important."  

For more information:
Art Wittmann    
VP & Managing Director, InformationWeek Reports

About InformationWeek Business Technology Network (http://www.informationweek.com)

The InformationWeek Business Technology Network provides IT executives with unique analysis and tools that parallel their work flow—from defining and framing objectives through to the evaluation and recommendation of solutions. Anchored by InformationWeek, the multimedia powerhouse that looks across the enterprise, the network scales across the most critical technology categories with online properties like DarkReading.com (security), NetworkComputing.com (networking and communications) and BYTE (consumer technology). The network also provides focused content for key IT targets, such as CIOs, developers, and SMBs via InformationWeek Global CIO, Dr. Dobb's and InformationWeek SMB, as well as vital vertical industries with InformationWeek Financial Services, Government and Healthcare sites. Content is at the nucleus of our information distribution strategy—IT professionals turn to our experts and communities to stay informed, get advice and research technologies to make strategic business decisions.

About UBM TechWeb (http://www.ubmtechweb.com)

UBM TechWeb, the global leader in technology media and professional information, enables people and organizations to harness the transformative power of technology. Through its three core businesses – media solutions, marketing services and paid content – UBM TechWeb produces the most respected and consumed brands and media applications in the technology market. More than 14.5 million business and technology professionals (CIOs and IT managers, Web & Digital professionals, Software Developers, Government decision makers, and Telecom providers) actively engage in UBM TechWeb's communities and information resources monthly. UBM TechWeb brands include: global face-to-face events such as Interop, Web 2.0, Black Hat and Enterprise Connect; award-winning online resources such as InformationWeek, Light Reading, and Network Computing; and market-leading magazines InformationWeek, Wall Street & Technology, and Advanced Trading. UBM TechWeb is a UBM plc company, a global provider of news distribution and specialist information services with a market capitalization of more than $2.5 billion.