Timelines for security and compliance audits are largely unchanged in 2020, despite the disruptive impacts of COVID-19 on teams that are now working remotely, according to a recent survey of North American CISOs assessing the challenges facing security and compliance professionals. The survey, a joint effort between Shujinko and Pulse, finds that CISOs are concerned about having to do more with fewer people and smaller budgets this year.
CISOs are preparing for more than three audits on average in the next six to 12 months, but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes. Furthermore, the results show that migration to the cloud is dramatically increasing the scope and complexity of audit preparation, obsoleting old methods and approaches.
“This survey clearly shows that CISOs at major companies are caught between a rock and hard place when it comes to security and compliance audits over the second half of 2020, and want automated tools to help dig them out. Unfortunately, they’re simply not able to find them,” said Scott Schwan, Shujinko CEO and co-founder. “Teams are cobbling together scripts, shared spreadsheets, ticketing systems and a hodgepodge of other applications to try to manage, resulting in inefficiency, lengthy preparation and limited visibility. More than two-thirds of CISOs are looking for something better.”
More than half of CISOs surveyed say they are preparing for HITRUST audits in the next six to 12 months, while 45 percent are preparing for HIPAA, 43 percent for PCI, 41 percent for CCPA and 36 percent for an internal audit. Automation is the number one element CISOs would like to implement in their audit preparation process, followed by improved team communication and collaboration. The survey also reports that CISOs have poor visibility into their audit processes, and that these processes do not align neatly with a cloud development model.