tashka2000 - Fotolia
Lack of security knowledge limiting business initiatives, survey shows
Security concerns are limiting the adoption of cloud and mobility throughout organisations, according to the first Dell Data Security Survey
Although companies recognise the benefits of data security, they struggle to incorporate it into operations without detracting from other business initiatives.
Security concerns are limiting the adoption of cloud and mobility throughout organisations, according to the first Dell Data Security Survey.
“Even with tools in place to address data security needs, business and IT decision makers report gaps in their comfort level with implementing or expanding programmes that rely on these technologies,” the survey report said.
The survey of more than 1,300 business and IT decision makers across seven countries found that, while the C-suite is more invested in data security than in the past, IT teams feel executives are still not allocating the energy or resources needed to properly address data security challenges.
Nearly three in four decision makers agree that data security is a priority for their organisation’s C-suite – but one in four said their C-suite is not adequately informed about data security issues.
Three in four decision makers say their C-suite plans to increase current security measures, and more than half expect to spend more money on data security in the next five years.
Cost is a concern when it comes to building on existing projects, with 53% of respondents citing cost constraints as the reason they do not expect additional security features in the future.
Only one in four decision makers said they were “very confident” in their C-suite’s ability to budget enough for data security in the next five years.
Read more about cyber security
- Cyber security training for chief executives is critical to the cyber resilience of the companies they head, according to global certification and accreditation organisation APMG.
- Cyber attacks constitute a group-level risk that is managed as part of BP’s standard set of risk management processes, says group chief.
- Many FTSE 350 firms still have a long way to go to manage the risks of a cyber attack, a government-backed cyber governance health check has revealed.
- Government collaborates with the insurance industry to improve how UK businesses manage cyber security risk.
Shortage of security skills
“These findings suggest the C-level has to be more engaged when it comes to integrating data security strategies into their business,” said Steve Lalla, vice-president of commercial client software and solutions at Dell
“Business leaders understand the need to invest in their security infrastructure, but that isn’t translating into updating or expanding their current systems to adequately prevent modern attacks,” he said
Despite increased buy-in from the C-suite, the survey found that IT departments still need more business support to fully integrate data security, and that a lack of investment in streamlined technologies and a shortage of talent are both barriers to fine-tuning data security strategies
The majority of decision makers (58%) believe that their organisation is adversely affected by the shortage of trained security professionals in the industry.
Nearly 70% of decision makers still view data security as a burden on their time and budget, yet nearly half believe they need to spend more time securing their data in the next five years than they are today and 76% believe their systems would be less burdensome if provided through a single supplier.
“These findings show that the costs and time constraints that commonly accompany traditional, single-point solutions have an adverse impact on IT departments,” said Lalla.
“For companies with hundreds or thousands of employees, managing each endpoint separately using multiple consoles is extremely inefficient and leads to a high probability of conflict or incompatibility. Implementing a single, integrated suite for IT management can drastically improve this process,” he said
Spear phishing raises concerns
The survey shows that respondents remain highly concerned about malware, despite the fact that most have anti-malware solutions in place.
Nearly three in four decision makers are somewhat to very concerned about malware and advanced persistent threats, while only one in five respondents are very confident in their ability to protect against sophisticated malware attacks.
Respondents are also more worried about spear phishing attacks than any other breach method.
“The fact that IT and business decision makers are not confident in their anti-malware defence implies that they may be using outdated or ineffective tools,” said Brett Hansen, executive director, data security solutions at Dell.
“When IT teams do not have the resources they need to proactively prevent threats and stay on top of the evolving threat landscape, they are forced to play defence using threat detection and remediation alone.”
Security concerns limit mobility
While the general trend is towards the greater use of mobile computing, the survey found that employers feel they have to limit mobility to protect data.
Most mid-market companies (65%) are holding back plans to make their workforce more mobile for security reasons, with 67% hesitant to introduce a bring your own device (BYOD) programme.
While 82% of decision makers have attempted to limit data access points to enhance security, 72% believe that knowing where data is accessed will make their data protection measures more effective.
Nearly 70% of respondents say they are still willing to sacrifice individual devices to protect their company against a data breach – yet 57% are still concerned about the quality of encryption used by their company.
Security concerns aside, two in five respondents are interested in allowing greater mobility for enhanced employee productivity.
“When organisations opt out of creating sanctioned, secure mobility programmes, they open themselves up to other risks,” said Hansen.
“Mobility and security can easily co-exist with modern data security technology that uses intelligent encryption to protect data whether it’s at rest, in motion or in use,” he said.
Cloud crisis of confidence
With more employees using public cloud services like Box and Google Drive in the workplace, decision makers are not confident in their ability to control risks posed by these applications.
Nearly four in five respondents are concerned with uploading critical data to the cloud and 58% are more concerned than they were a year ago.
More than a third reported restricted access to public cloud sites in their organisation due to security concerns.
Some 57% of decision makers who are current cloud users, and 45% of those planning to use public cloud platforms, said they will rely heavily on cloud services firms to provide security.
Only one in three organisations cite improving secure access to public cloud environments as a key focus for their security infrastructure – yet 83% say that employees are either using, or will soon be using, public cloud environments to share and store valuable data.
“Security programmes must enable employees to be both secure and productive, and this means enabling technology that helps them do their jobs,” said Hansen.
“Companies can try to limit or prohibit public cloud use, but it’s more effective to use intelligent data encryption to protect corporate data wherever it may go, and reduce the risk of employees working around restrictive policies to be productive.”
Michael Kaiser, executive director of the US National Cyber Security Alliance, said that, while progress has been made from the days when cyber security was an add-on to the IT infrastructure in organisations, more work needed to be done.
“The Dell Data Security Survey highlights that as the security landscape evolves, and threats become more sophisticated, organisations need to foster a culture of cyber security awareness from the top down and integrate it throughout their organisation,” he said.