27% of Sample Reporting Security Budgets
Have Increased in Response to Proposed Changes, yet Only 11%
Automate Compliance Audits
RSA Conference, San Francisco, CA - February 29, 2012 -
Tufin Technologies, the market-leading
provider of Security Policy Management solutions, today announced
the results of a survey assessing how the recently announced
updates to EU Data Protection legislation will impact IT compliance
efforts. 42% of the 100 network security managers sampled by
the firewall management software provider said the proposed changes led
to increased risk awareness within their organization; 34% stated
that their attitude towards Continuous Compliance had changed as a
result, and 54% believe that automating audits would reduce the
organization's risk of violating the law.
"While 29% of respondents have partially automated compliance
audits, those processes that are not automated run the risk of falling
out of compliance the moment after the auditor signs off on the
audit," said Shaul Efraim, vice president of Marketing and Business
Development for Tufin Technologies. "Many of our customers
experienced that scenario when they first began their
PCI DSS compliance efforts. Organizations that use our
software to automate the firewall audit process report they have much more control
over the aspects of PCI DSS that we address, which aids their
ongoing compliance efforts. Tufin's automation can deliver the same
value to any organization that will need to comply with future
changes to EU data protection and privacy laws."
Tufin executed this survey in response to the January 2012
announcement by the European Commissioner for Justice that outlined
plans to enhance data protection rights for individuals across
Europe and increase the responsibility and accountability of
organizations handling records containing the information of EU
citizens. If adopted, the new legislation would apply to all
organizations that do business in Europe. The draft guidelines
reflect a growing concern about the way in which personal details
are captured, handled and stored in today's highly complex
information age. Proposed changes include severe fines of up to 2%
of revenues for privacy violations and a requirement that, under
certain circumstances, organizations report privacy breaches to
authorities and affected individuals within 24 hours of the breach
being noticed.
Tufin asked respondents what they felt was the best way to reduce
the risk of a fine due to non-compliance. Feedback from survey
respondents was just as interesting as the statistical data: one IT
security professional said that good company security standards
would assist in this regard, while another professional favored a
strict compliance strategy, with "data security awareness program
across the organizations - and online monitoring of compliance
checks - helping in reducing the risk of fines due to
non-compliance." Another IT security professional was in favor of
even more draconian penalties, pressing for legislation that
directly (financially) penalizes staff for actions that cause a
breach.
About Tufin Technologies
Tufin™ is the leading provider of Security Policy Management
solutions that enable companies to cost-effectively manage their
firewall, switch and router policies, reduce security and business
continuity risks, and ensure Continuous Compliance with regulatory
standards. The award-winning Tufin Security Suite provides security
teams with powerful automation that slashes the time and costs
spent managing change and successfully passing audits. Founded in
2005, Tufin serves more than 900 customers in industries from
telecom and financial services to energy, transportation and
pharmaceuticals. Tufin partners with leading vendors including
Check Point, Cisco, Juniper Networks, Palo Alto Networks, Fortinet,
F5, Blue Coat, McAfee and BMC Software, and is known for
technological innovation and dedicated customer service.
For more information visit www.tufin.com.
Media Contact
Elizabeth Safran
elizabeth@tufin.com
212-740-1037/408-348-1214