Archive for March, 2010

Security Superheroes

My favorite quote of the week: “The truth is, we now fear the auditor more than the attacker.”

The 451 Group Research Director of Enterprise Security, Josh Corman, joined me in a recent GuardianEdge eSeminar and explained the new challenges facing the “good guys” of IT security.  While obvious threats include malware and data breaches, many administrators are also finding themselves fending off auditors armed with regulations and strict compliance standards.

“Compliance is now eclipsing threat as the number-one driver in security spending,” Corman noted.  “Nearly every penny spent last year on security was under a compliance mandate.”

Corman added that when he asked administrators why they were focused more on dealing with the auditors than on fending off the latest threat or addressing what their risk management research noted as key issues, the response was very clear: “I might get hacked, but I WILL be fined.”

MassMutual CISO and 451 Group Talk About “Proactive” Protection

Next Thursday, March 25, GuardianEdge is hosting an eSeminar on Practical and Proactive Data Encryption.  Bruce Bonsall, the award-winning CISO of MassMutual, and Josh Corman from the 451 Group are joining me on the panel.

How does a company protect its sensitive data when much of it resides on the endpoints of third-party agents who are not employees?  This is the challenge Bruce and his team faced at MassMutual, when tasked with rolling out encryption to their internal workforce as well as a large network of insurance brokers and agents in the field.  It’s an interesting dilemma, and as part of this discussion Bruce will draw on his many years as a leader amongst his CISO peers and highlight the importance of being proactive in outlining an overall protection strategy.