When it comes to security, the country has no time to waste.
Chinese organizations are only just starting to break through the early stages of information security, despite the country's intensifying participation in the global economy.
InformationWeek's Global Information Security survey illustrates their high level of risk exposure. It also suggests that Chinese organizations, given the level of attacks on their systems, may not have the luxury of plodding through the usual "evolutionary process" of developing IT security.
China's experience is different from that of U.S. companies 15 years ago. The demands of the global economy compel China to rapidly adapt to advanced international standards. Fortunately, Chinese organizations are accelerating their pace of security development in an effort to be seen on the international stage as secure and in control.
For instance, the average percentage of IT budget spent on information security in China is 19%, compared with 12% in the United States. That's an astonishing figure.
The survey responses of both U.S. and Chinese companies reinforce what Accenture clients are saying. They're asking for advice in assessing IT security risk, reducing security complexity, and measuring security's value, factors that support the business case for security spending.
Within those three areas, China's focus appears to be largely on basic infrastructure. This isn't surprising, as organizations must start somewhere. China has the benefit of learning from the experiences of U.S. companies as they advance into the areas of security automation and simplification. As the United States recognizes the need for more limber IT systems to handle fast-changing processes and opportunities, China is adapting as well.
Our survey underscores that many Chinese companies are already beginning to learn the lessons others have learned elsewhere. In earlier years, security tended to be a bolt-on afterthought. A bank decided to add a customer service, for instance, and only after establishing the new service did it figure out how to secure it. Chinese companies now say, "We need a new service, and as part of that service, what will be the security experience?" The security is being designed up front.
China is at the stage of acquiring point solutions for security. Eventually, the sheer volume of such fixes makes them impossible to manage. If Chinese organizations properly assess risk and institute strategic security measures rather than continue with a patchwork approach to vulnerabilities, they may be able to leapfrog the evolutionary process. High-performance security is particularly critical in adopting cutting-edge technologies such as wireless applications and service-oriented architectures.
As organizations move beyond fragmented, piecemeal approaches, they can embed security into business processes, thereby providing better integration, automation of manual processes, and improved management and monitoring capabilities. Chinese organizations realize that to enjoy the fruits of such high-performance security and become truly international, they'll have to intensify their adoption of international security standards.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.