Welcome!

Cloud Security Authors: Pat Romanski, Zakia Bouachraoui, Elizabeth White, Yeshim Deniz, Liz McMillan

Related Topics: Cloud Security

News Feed Item

Life Sciences & Health Care Companies Unprepared for Information Security Risks: Deloitte Survey

Scant Security Budgets, Void in Leadership, Internal Breaches Block Improvements in Quality and Availability of Information, Potential Efficiency Gains

NEW YORK, July 22 /PRNewswire/ -- Bolstered by the promise of the information age, coupled with billions of dollars in economic stimulus funding, life sciences and health care companies still may not meet lofty expectations of maximizing the value of data and automation efficiencies. That's one way to interpret the key findings of Deloitte's 2009 Global Security Study for Life Sciences and Health Care companies. Worse yet, inadequate security budgets, lack of a strong reporting structure and ever-increasing sophisticated security threats pose significant trouble to life sciences and health care companies, exacerbated by the challenging economy.

More than 100 global life sciences companies, health care providers and health care insurance companies, with approximately half of the companies based in the United States, participated in the Deloitte study, The Time Is Now. The overarching objective of the study is to help companies assess the state of information security within their organizations, make comparisons with similar organizations around the world and provide management with insights to help identify trends and make better and informed strategic decisions.

Respondents also cited outsourcing data management functions to third-party sources, internal breaches and internal threats, including third party relationships, and protection from data leakage as primary concern of their information and security programs. Identity and access management was also recognized as a top priority.

"The lifeblood of any health care or life sciences organization is information, be it patient, intellectual property or financial. But organizations are dealing with a lot right now. They have the challenge of how to protect their information while facing increasingly sophisticated security threats and increasing regulatory and legislative requirements -- all against a backdrop of reduced spending, staff cuts and organizational changes," said Amry Junaideen, Health Sciences & Government leader -- Security & Privacy, Deloitte.

"And based on the results of our study, the industry is not yet prepared to meet the risk management challenges as we head into a period of massive opportunity to maximize the value of data and the promise of new automation. This may be because the industry is behind in implementing important foundational technologies, such as identity and access management solutions, or reluctance to adequately fund the security functions. Bottom line: the industry needs to act aggressively to catch up," Junaideen added.

Despite more than 50 percent of respondents across sectors reporting their information security budgets increased, the majority of increases were in the low range of 1 to 15 percent. Moreover, respondents confirmed that information security budgets are not separate from the IT budget, and most IT budgets dedicated just 1 to 3 percent to information security.

"The problem with folding information security into the overall IT budget," said Junaideen, "is that security often falls to the bottom of the funding list. Priority is given to projects and infrastructure that are perceived as being more important to the business or contributing to revenue generation."

In examining areas such as governance, and in particular the information security function and the role of the Chief Information Security Officer (CISO), respondents revealed a glaring weakness. While the majority of respondents across all regions indicated they indeed have a CISO and this role is taking on greater significance with respect to planning, governance, administration, architecture and IT risk management, 43 percent of respondents do not have a CISO.

"This is a disturbing statistic," said Junaideen, "especially since a strong level of preparedness to meet current and future security and privacy requirements is a direct corollary to the existence of an appropriately positioned -- and empowered -- CISO."

Among other key findings of the study, respondents acknowledge that identity and access management is a top operational imperative and a core enabler of enterprise applications as access to information and data is a growing need. Also factored into this are productivity via flexible working environments and retaining top talent, and fixed costs savings via a reduced need for real estate assets.

With full-scale adoption of electronic health record technologies, particularly within healthcare providers, and the use and reliance of third parties and vendors, it will escalate and increase risk to consumer, patient and business information.

"The constant balancing act for organizations is providing convenient access for employees while maintaining strong access control to information," said Junaideen.

Data loss and information leakage (the movement of a data asset from an intended state to an unintended, inappropriate or unauthorized state) were also a great concern to respondents. The data could be patient names, phone numbers, addresses and lab results, among other items. Only a small percentage of respondents currently have data leakage protection technology fully deployed, compared to the majority of respondents that have firewalls and anti-virus technology.

"Most organizations have been relatively slow to embrace technologies that prevent data leakage because of traditional thinking," said Junaideen. "In the past, securing operating systems, networks, storage, communication channels and the hardware they ran on was enough. And that's no longer true."

The Deloitte 2009 Global Security Study for Life Sciences and Health Care companies is available free at www.deloitte.com/us/LSHCSecSurvey09. Please contact Daniel Mucisko at 212-492-2870 or [email protected] or Marykate Reese at 203-708-4269 or [email protected] to arrange an interview with Amry Junaideen.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. As used in this article Deloitte means Deloitte Touche Tohmatsu member firms.

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in 140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's 165,000 professionals are committed to becoming the standard of excellence.

SOURCE Deloitte

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to impr...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in development and launches of disruptive technologies to create new market opportunities as well as enhance enterprise product portfolios with emerging technologies. His most recent venture was Octoblu, a cross-protocol Internet of Things (IoT) mesh network platform, acquired by Citrix. Prior to co-founding Octoblu, Chris was founder of Nodester, an open-source Node.JS PaaS which was acquired by AppFog and ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...