European study unveils IT security strategies

Fortinet unveiled the findings of a survey into the IT security strategies which queried enterprise IT decision makers in France, Germany, Italy, Spain, Benelux and the UK about their approaches to security strategy amid a constantly changing landscape for how businesses use IT.

Greater comprehensiveness covering more business assets beyond the core network perimeter like mobile endpoints, processes, etc., and more cost-effectiveness were ranked by far as the top two improvements needed to drive into future security strategy.

Among the biggest drivers for strategic changes to security were still the “traditional’ concerns of combating the growing sophistication of threats and attacks (25% naming it as the most important driver) and meeting compliance (16%). However, IT decision-makers felt equally pressured by a mixture of IT trends with cloud computing (19%), mobility (16%) and virtualisation (13%) all named by individual respondents as key shaping influences for reassessing their IT security strategy.

One-sixth of enterprises questioned (16%) either didn’t have a security strategy, or had not reconsidered their IT security strategy for more than three years. Only 60% of enterprises have conducted a full reappraisal of information security strategy in the last 12 months.

Across the sample, 88% of respondents indicated that they have mobile security covered specifically in their IT security strategy. However, 66% of enterprises only allow the use of corporate mobile devices onto which security policies can be directly enforced. 21% of enterprises place the responsibility for securing personal mobile endpoints with the user/owner of the device in question.

When asked which parts of their IT infrastructure were vulnerable from a security standpoint, wireless networks were the most identified component (quoted by 57% of the sample). As well as being highlighted the most, wireless networks were also ranked highest in terms of greatest vulnerability, ahead of core network infrastructure (ranked 2nd) and databases (3rd).

With application awareness and control capabilities underpinning the emergence of “next-generation’ firewalls and the death of traditional firewalling solutions, today 50% of the sample are now using, or plan to deploy, a firewall with application control features. Specialized web application and XML firewalls are also being adopted in significant numbers, with 43% of the overall sample now using, or planning to use, this technology to secure web-based applications.

The UK shows the highest rate of application aware, “next generation’ firewall adoption with 60% of its sample using this technology.

Germany and Italy are the largest adopters of web application /XML firewalls, each with 54% of their samples.

69% of respondents have consolidated security elements to date in order to take advantage of less cost, simplified management and tighter security, and 79% of them say that they will continue consolidating more security over the next 12 months.

24% of the sampled organisations plan to embark upon a network security consolidation project for the first time in the next 12 months. Only 7% of the overall sample intends to continue abstaining from any network security consolidation project for the foreseeable future.

• Italy has the most unfinished business in respect of enterprises continuing to embrace network security consolidation, with 60% of the overall sample saying they’re still on their journey (the European average is 55%)
• In Benelux, 24% of the sample feel they have embraced network security consolidation to the furthest extent desirable (European average = 14%)
• French organisations in the sample are most likely to start out on network security consolidation (34%) for the first time. In Benelux, the figure is just 16%
• The Italians and Spanish are the most averse to any suggestion of consolidating network security elements (10%); nearly three times as much as Germans and Britons (each 4%, respectively).