When it comes to security, the country has no time to waste.
Chinese organizations are only just starting to break through the early stages of information security, despite the country's intensifying participation in the global economy.
InformationWeek's Global Information Security survey illustrates their high level of risk exposure. It also suggests that Chinese organizations, given the level of attacks on their systems, may not have the luxury of plodding through the usual "evolutionary process" of developing IT security.
China's experience is different from that of U.S. companies 15 years ago. The demands of the global economy compel China to rapidly adapt to advanced international standards. Fortunately, Chinese organizations are accelerating their pace of security development in an effort to be seen on the international stage as secure and in control.
For instance, the average percentage of IT budget spent on information security in China is 19%, compared with 12% in the United States. That's an astonishing figure.
The survey responses of both U.S. and Chinese companies reinforce what Accenture clients are saying. They're asking for advice in assessing IT security risk, reducing security complexity, and measuring security's value, factors that support the business case for security spending.
Within those three areas, China's focus appears to be largely on basic infrastructure. This isn't surprising, as organizations must start somewhere. China has the benefit of learning from the experiences of U.S. companies as they advance into the areas of security automation and simplification. As the United States recognizes the need for more limber IT systems to handle fast-changing processes and opportunities, China is adapting as well.
Our survey underscores that many Chinese companies are already beginning to learn the lessons others have learned elsewhere. In earlier years, security tended to be a bolt-on afterthought. A bank decided to add a customer service, for instance, and only after establishing the new service did it figure out how to secure it. Chinese companies now say, "We need a new service, and as part of that service, what will be the security experience?" The security is being designed up front.
China is at the stage of acquiring point solutions for security. Eventually, the sheer volume of such fixes makes them impossible to manage. If Chinese organizations properly assess risk and institute strategic security measures rather than continue with a patchwork approach to vulnerabilities, they may be able to leapfrog the evolutionary process. High-performance security is particularly critical in adopting cutting-edge technologies such as wireless applications and service-oriented architectures.
As organizations move beyond fragmented, piecemeal approaches, they can embed security into business processes, thereby providing better integration, automation of manual processes, and improved management and monitoring capabilities. Chinese organizations realize that to enjoy the fruits of such high-performance security and become truly international, they'll have to intensify their adoption of international security standards.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.