The fact that data theft is still an issue is not surprising to most anyone in the IT sector. For instance, Brennan O’ Hara, solution manager for Seattle-based Attachmate division, NetIQ that released the survey of over 200 IT “decision makers”, said that “although all this money and technology is being thrown at the problem, if you have a terabyte’s worth of data to dig through and you are under-staffed as an organization, under-resourced as an IT organization, it’s going to be very difficult for you to properly spend the time to navigate through all that data.”

O’Hara said, knowing about where all your data lies isn’t a solution; “just having the data doesn’t make you smarter.”

Brian O’Higgins, president of Ottawa-based Brian O’Higgins and Associates, said “the whole thing is not surprising.” O’Higgins said “there’s more attack vectors every day as IT evolves. We have greater bandwidth, technology is easier to use, we have all these little devices that store a lot of stuff and we have cloud services with more and more information,” so basically “more attack vectors (means) more opportunities for bad guys to do stuff.”

O’Hara said the data was interesting, at least in as much as it may identify some of the problems IT faces. Some of the more interesting statistics from the study include the fact “that 64 per cent (of respondents) cited lack of time to monitor vast amounts of data and another set of folks, 55 per cent, said that they were unable to manage security in a cloud or virtual environment.”

He said that, while there are steps to be taken, “I don’t think there’s one silver bullet to solving the problem.”

O’Higgins vigorously agreed with that sentiment. He said “security is not solved at all, and I don’t know if it ever will be.” O’Higgins suggested that a more pragmatic approach to security is case models. He said businesses need to spend more time looking to successful models in their industry and then trying to be just a little better. “I don’t have to be faster than the bear, I just need to be faster than you,” O’Higgins said.

O’Hara wasn’t quite willing to accept that, despite admitting it wasn’t wrong. He suggested that identity management was a “a very quick win, with enterprise single-sign-on or Web-access management for password management,” allowing for a measure more of security in IT.

The issue for O’Higgins is that, “the attacker is always going to win because (to defend) you have to know every kind of attack and the attacker only has to know one that you don’t know about.”

It may be a disparate statement, but it’s also a realistic one to keep in mind when setting IT policy, both O’Hara and O’Higgins agreed.