Data protection tops 2013 UK security priorities

Data protection is the top security priority for more than half of UK organisations in 2013, a survey has revealed

Data protection is the top security priority for more than half of UK organisations in 2013, a survey has revealed.

This is unchanged from 2012, but went up from 43% to 50% of more than 300 IT security professionals polled by TechTarget and Computer Weekly.

This is unsurprising as attacks are becoming more targeted at stealing specific information, promoting increasingly data-centric security strategies.

However, mobile endpoint security has moved up into second spot from fourth position the year before, reflecting a growing use of mobile technologies and the need to secure these devices.

A third of respondents said their organisations plan to implement mobility initiatives in the coming year; 49% said their organisations would allow employees to buy their own smartphones; and 29% will allow employees to buy their own tablets for corporate use.

Identity and access management has moved up to third place from seventh position in 2012, signaling a greater focus on role-based data access.

Network-based security is in joint third position, moving down from second position the year before, indicating a gradual move away from traditional network-based security.

Move to virtualisation

Virtualisation security has moved up to fourth position from sixth position, indicative of a growing need to secure virtual environments.

Increasing numbers of organisations are using virtualisation as they consolidate physical servers to cut costs and prepare for a transition to cloud computing.

According to the survey, consolidation is the top broad initiative UK organisations will seek to implement in the coming year, while cutting costs is the top focus for a third of IT departments.

Virtualisation is the top primary storage initiative for 36% of respondents; more than a third plan to implement desktop virtualisation; and nearly a fifth plan to implement application virtualisation.

Cloud concerns

However, when it comes to cloud services adoption, only 16% said they plan to use security-as-a-service in 2013 compared with 55% for software-as-a-service.

Cloud security comes in only at tenth position in security priorities. This suggests that, while more than half of companies are starting to use cloud, relatively few have moved sensitive data into cloud environments.

The survey shows security remains the top concern organisations have about cloud service providers, followed by protecting company data and reliability.


Consequently, cloud security remains a low priority at eighth position compared with threat detection and application-based security at joint fifth position.

There is little change in priority for these two technologies, although it is surprising application-based security has not moved up the ranks as attackers shift their attention from operating system vulnerabilities to the application layer.

Vulnerability management has slipped down the rankings from third to seventh position, despite the fact that many security experts say patch management remains an important way of mitigating known vulnerabilities, particularly as application-based attacks increase.

The appearance of security management at seventh position is unsurprising in the wake of investments in an ever wider set of security systems that generate alerts that need to be managed and analysed.

While security management does not feature in the top security initiatives for 2012, a year later it is on the agenda of 21% of respondents.

Read more on Privacy and data protection