Study: Most IT groups neglect 5 key security practices
Some of the most vital best practices in enterprise security are neglected by the majority of IT departments, new research suggests. A study conducted by Echelon One and enterprise key and certificate management company Venafi found that a startling number of IT departments are complicit in the following five common security failures, reports Robert Strohmeyer at InformationWeek.
- Approximately 82 percent of IT departments do not rotate SSH keys once a year. Average employee turnover is approximately two years, so if SSH keys aren't rotated annually, former employees with malicious intent could have access to the network.
- A full 77 percent of companies do not provide regular security training to their users, even though it is well known that people are at the root of the network's greatest vulnerability.
- Data running over the cloud also presents risks, but 64 percent of the IT groups surveyed do not encrypt all of the cloud data and transactions.
- The majority of companies are pretty good at enforcing encryption policies in general, but most don't use sufficiently strong encryption keys. The National Institute of Standards and Technology released a report in February stating that 1024-bit keys aren't as effective as they used to be, and that 2048-bit keys are appropriate for symmetric keys.
- A little more than half of the IT departments surveyed have no plan for replacing compromised digital authentication certificates, even though these are known to be vulnerable to fraud.
For more:
- see Robert Strohmeyer's article at InformationWeek