Commenting on reports from the recent RSA 2012 event that IT security professionals have a high risk of burnout, Varonis Systems says that the use of cost-effective data governance technology most notably in the area of unstructured data can go a long way towards reducing the stress of staff and so avoid the burnout of valuable IT staff.
"The survey showed that 16 out of the 124 professionals surveyed almost 13 per cent were at a high risk of psychological burnout based on indicators such as exhaustion, cynicism and personal efficacy," said David Gibson, director of strategy at Varonis. "Almost 27 per cent admitted they had low job satisfaction, while 38 per cent were at risk of burnout due to cynicism."
The Varonis director of strategy went on to say that these ferociously high levels of burnout risk among IT security professionals can be strongly correlated to stress associated with increasing security threats, rapidly growing volumes of data and a disconnect between security and the organization.
"While the data assets don't belong to IT security, IT security is often the one to sound the alarm that they're at risk. It is difficult to maintain a sense of mission when the people who own the assets you're trying to protect don't seem to share the same sense of urgency."
Gibson added that as digital collaboration continues to grow and accelerate, organisations have hit something of a wall when it comes to traditional data leak prevention and identity access technologies.
"Organisations need better context about the data they are protecting, and to provide that context to the correct partners in the business so that the right people can make decisions about content, access controls, and acceptable use."
Gibson adds that a recent news report also from RSA 2012 comes to mind. The report mentioned a law enforcement official who moved over from law enforcement and took part in drug raids and other types of high-stress and adrenaline-filled missions as part of his job. But when that official transitioned to a job in information security, his level of satisfaction was much lower, as in IT security, there are very few concrete measurements for success.
The takeout from RSA 2012, he explained, is that, if security technologies and processes don't keep up with the technology and data that is being protected, it is easy to get discouraged - especially as many IT security professionals are faced with a near-impossible mission that they cannot complete on their own.
If you can't quantify and prioritize areas of risk, it is difficult to feel confident that you're focusing on the right things and that you're making a difference. The good news is that metadata framework technology can now provide prioritised reports of at-risk data assets and the actionable intelligence to remediate them quickly and safely. Enterprise context connects IT security with data owners, and automates their involvement so that IT security can partner with the right people in the organisation to reduce excess access, monitor use, and prevent abuse. Both IT and the business are more empowered to reduce risk, and they can quantify what they've accomplished.
Data owners, he says, need to be involved and responsible, and work with their IT security professionals on how to reduce the risk profile of their organisation's data. With the right technology in place it is perfectly possible to identify, prioritise and remediate security risks - getting data under control and keeping it that way.
The largest threat surface, Gibson adds, is on unstructured data found on file servers, NAS devices, SharePoint and Exchange. The permissions on these platforms are usually managed manually, IT has lost track of which groups map to which data, and usage is usually not audited or analysed. These platforms are frequently overlooked, yet pose the greatest risk on the governance front.
"The fundamental issue here is that IT security professionals rarely get any feedback when things go well, but when the information security system is compromised, they are blamed. Coupled with the fact that this same department rarely has aligned business sponsorship or sufficient tools to effectively secure their technology and data, it's no small wonder they are at risk of burn out," he said.
"The solution to this problem is actually a lot simpler than it appears. With suitable automated data governance technology in place as we have found with our client organizations the process of defending your company's data is made a lot easier. This is thanks to tools that can mitigate risk and give measurable feedback - plus results and reports that demonstrate a reduction in risk," he added.
"People rarely perform well when they have a 'Sword of Damocles' hanging over them, but our experience here at Varonis is that, with the right tools in place, IT security professionals can reduce stress and become more productive and, therefore, are at less risk of burn out. This is a win-win situation for all concerned."