The online global survey gathered responses across a full range of markets – banking/financial services, retail, manufacturing, public sector and others. Key findings include:
Defending against IT security challenges is the primary security driver for more than half of respondents
While compliance is still a strong security driver, newer IT trends – such as Big Data, cloud, BYOD and mobile security – accounted for a full 36 percent of respondent’s choices, and 16 percent of respondents selected ‘data breaches’ as the primary data security driver at their organisation. Given that 52 percent of the respondents called out drivers other than compliance, it’s clear that organisations’ security strategies are governed by the need to protect against an increasingly complex array of IT challenges.
Respondents feel that protecting brand reputation and observing security best practices should be the primary motivations for data protection
Nearly two thirds of respondents (64 percent) believed that protecting the company’s reputation (32 percent) and implementing best practice security measures (32 percent) should be the primary motivation for data security within their organisation; meeting compliance requirements came in third at 22 percent. This highlights that IT professionals recognise that compliance alone is not enough to protect their organisation. As targeted attacks have proliferated, organisations around the world are recognising the requirement to adjust their security posture to keep ahead of current threats.
IT security budgets are rising at a large number of organisations
Faced with the challenge of securing newer technologies like Big Data and cloud, the budgets at many of the respondents’ organisations (42 percent) have increased or remained static (39 percent). Only 6 percent of respondents reported that their IT Security budget has been reduced, while 13 percent didn’t know.
Respondents name server encryption as the key focal point for IT data security investment over the next 12 months
Core elements of a data-centric security strategy that protects information where it resides are encryption with access controls to lock down and control access to critical information, combined with log management and database activity monitoring (DAM) to identify unusual usage patterns that may represent a new advanced persistent threat (APT) attack, or malicious insider. The survey shows organisations are investing in these areas with 40 percent investing in server encryption and 33 percent investing in both log management and DAM.
“The security landscape has evolved considerably over the past 18 months. With advanced persistent threats recurring headline news, and as more organisations embrace the merits of cloud computing and Big Data, it is essential that enterprises ensure their IT infrastructure is geared up to keep pace with the changing market,” said Tina Stewart, Vice President of Marketing, Vormetric. “We wanted to conduct this research to assess the extent to which organisations’ security measures and motivations reflect these changes, and overall the study reveals that organisations are reassuringly starting to move in this direction.”
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.