Top Priority for Financial Institutions Is Investing in Identity and Access Management Tools: Deloitte 2010 Security Survey
Simply entering a user ID and password is no longer adequate; Proactive response to new environment needed
NEW YORK, June 17, 2010 – With a number of recent high-profile proprietary code thefts driving headlines around the globe, senior security executives at some of the world’s largest financial institutions say they are now making it a priority to invest in tools that restrict user access to critical information and continually keep track of who has access to specific information, according to a Deloitte survey released today.
According to Deloitte’s seventh annual survey of global financial institutions’ security efforts, identity and access management was identified as the industry’s top security initiative for 2010. Among 19 different types of initiatives, 44 percent of survey respondents listed this as a top initiative; it is also a significantly higher priority for larger organizations with more than 10,000 employees (63 percent).
“Organizations are starting to sit up and recognize the importance of information security to their business,” said Ed Powers, a principal with Deloitte & Touche LLP and the leader of Deloitte & Touche LLP’s security & privacy practice for the financial services industry. “The changing players, the increasing sophistication of faceless threats, the decreasing level of competence required to pose a threat and the availability of fraud tools are all factors that have caused financial services organizations to evolve their security practices in many areas. The security environment is undergoing a metamorphosis.”
Powers added, “In the early days of information security, identity and access management performed the function of a gatekeeper, essentially keeping the bad guys out. But, it has now evolved far beyond that, especially in the level of granularity of access as well as in the ability to track back, stroke by stroke, what events took place, when, and by whom. Today, many organizations realize that simply entering a user ID and password may no longer be adequate.”
Security budgets also appear to be bucking the current trend of cost-cutting. More than half of the survey’s respondents (56 percent) indicate that their information security budget has increased. Moreover, there is a significant drop, compared to 2008, in the number of respondents who state the “lack of sufficient budget” as one of the major barriers that their organization faces.
Powers says that this may well be a product of a general dawning of the “realization that, as the information security environment gets more dangerous, so investment in data protection likely needs to get more serious.”
Additional survey findings:
The report, titled “The Faceless Threat,” is available at www.deloitte.com/gfsi/securitysurvey and offers breakdowns of results by geographies and select countries, as well as by the banking, investments and securities, insurance and payments and processors sectors.
Deloitte’s global financial services industry group surveyed senior information technology executives at more than 350 major financial institutions via in-person and online questionnaires in early 2010.
As used in this document, “Deloitte” means Deloitte Touche Tohmatsu, a Swiss Verein.