Everyone cares about IT security in 2016. So what? asks Josh Bressers, Security Strategist, Red Hat.
IT security is something that every enterprise cares about, at least when asked directly. But does this care actually translate into actions? And is the enterprise even focusing on the right things to care about? These were the questions that we sought answers to with a survey posed to 426 global IT decision makers and professionals around the world, administered by TechValidate. While the survey provided a lot of data, some surprising and some expected, the results can effectively be grouped in three distinct buckets.
It sounds harsh, but with the advent of the Internet of Things (IoT), security is often an afterthought for most newly connectable devices. It shouldn’t be surprising; for example, sensor makers want to focus on building a better sensor, not a more secure sensor. But, for the enterprise, this is a significant concern. Or it should be, in our view. Only 14 per cent of respondents are concerned with unpatched or unpatchable devices, focusing instead on the risks posed by outside breaches (32 per cent) and poor employee security practices (36 per cent). While both of those issues are significant, good security starts with good “hygiene,” which is the block-and-tackle basics of regularly patching devices and software to prevent breaches. On the positive side, more than half of the respondents (67 per cent) are deploying security patches at monthly intervals or better, limiting the threat window posed by known vulnerabilities.
Trust trumps revenue
When asked what the top security-related business concern was, nearly half of respondents (47 per cent) didn’t point to revenue, brand negativity, or asset loss; they focused solely on the potential loss of customer trust. This marks an interesting turn in the security world. While protecting assets, including customer data, is critical. So, too, is ensuring that your customers trust you to protect these things. High-profile breaches over the last 12-18 months showed just how fragile and fickle this trust can be, so it’s interesting to see that organisations are placing trust above simple asset and revenue recognition.
Finally, in a data point that will surprise no one–despite all of the high-profile breaches, new vulnerabilities, and executive statements on the importance of IT security–budgets remain the same. 81 per cent of respondents are expecting, at best, a slight increase or for budgets to remain the same, with 61 per cent highlighting that IT security is 15 per cent or less of their organization’s total IT budget. The end result here is that IT security remains top-of-mind within the enterprise. Unfortunately, even in the face of emerging issues and new exploits, the money to properly address these challenges, through training, new tools, and headcount, just isn’t there. The general trend of enterprise IT being expected to do more with the same budget, year-after-year, affects all infrastructure, including security.
To find out more, view the full results of the survey.
