There is no one-size-fits-all security solution to address the threat landscape today’s businesses face. Each organization has unique security obstacles and obligations. Billions of dollars have been invested into IT security solutions and increasing annual security budgets has been an imperative. In fact, 98% of business respondents reported they will spend over a million dollars in 2017, per a global study by Citrix and the Ponemon Institute. However, many of the systems and people in place are still not able to handle today’s threats.
Security threats increase as more devices crowd networks and as people have more freedom to work from anywhere, on any device. More devices, especially bring your own (BYO) devices are the new norm, and businesses need to put information security at the top of their priority list to ensure apps and data are secure no matter where they reside or are accessed. On top of this, businesses need skilled staff to plan how they will reduce risk and improve the security of their applications and data.
The global study by Citrix and the Ponemon Institute on IT security infrastructure found that less than half (48%) of survey respondents said their organization has security policies in place to ensure employees and third parties only have the appropriate access to sensitive business information. Not helping is that nearly 70% of business respondents said that some of their existing security solutions are outdated and inadequate.
Top security concerns confirmed in the study:
- Poor security deployments: 70% said their organization had made investments in IT security technology that was not successfully deployed (e.g. shelfware).
- Unapproved and rogue app deployments: 65% of respondents said their organization is not able to reduce the inherent risk of unapproved applications – increasing risk, including from shadow IT.
- Unmanaged data at risk: 64% say their organization has no way to effectively reduce the inherent risk of unmanaged data (e.g. downloaded onto USB drives, shared with third parties, or files with no expiration date).
- Talent pool is small: Only 40% said their organization is successfully hiring knowledgeable and experienced security practitioners.
While there’s no silver bullet to fixing security business challenges, survey respondents shared that they believe there are solutions to help better manage security challenges:
- Creating a unified view: 53% percent believe a unified view of users across the enterprise.
- Becoming proactive: 48% percent answered an ability to keep up with new or emerging attacks.
Respondents also shared that some specific improvements can be made to reduce their overall risk:
- Technology improvements: 65% believe an improvement in technologies will improve their overall security posture and reduce risk.
- Staffing investments: 72% say an improvement in staffing will improve their overall security posture and reduce risk.
These findings are the second installment of the global study from Citrix and the Ponemon Institute. The first report reviewed how business complexity is hindering security postures and adding to the shadow IT trend.
UPDATE: If you’re interested in the Canadian-specific data, here’s some highlights:
- Most IT professionals in Canada (73%) feel strongly that some of their security solutions were outdated and inadequate.
- In fact, Canada is among the top four countries (including U.S., U.A.E. and the U.K.) to agree that their organizations’ existing security solutions are outdated and inadequate.
- 71% of IT and IT security practitioners say their organization needs a new IT security framework to improve its security posture and reduce risk.
- 52% of respondents state that their organization will increase budget for IT security in 2017 – equivalent to the global average.
- More than any other country, Canadian IT practitioners think that machine learning is the most important technology to reduce security risk over the next two years (85%)
While Canadian IT and IT security practitioners are concerned about their organizations ability to control employee devices and data, they conversely appear to disregard the importance of enforcing employee compliance with security policies.
- Canada and Korea (40% respectively) are the least confident that their organization has the right policies and procedures in place to protect data and their infrastructure.
- Yet, Canada is the country least concerned (51%) about the inability to enforce employees’ compliance with policies.
- 67% of Canadian respondents (compared to the global average of 63%) perceive employee use of personally-owned mobile devices in the workplace (BYOD) as a disruptive technology and risk to IT security infrastructure.
- Canada is among the top two countries most concerned about the inability to control employees’ devices and apps (81% for Canada, 82% for Mexico).
- 90% of Canadian respondents believe that employees’ use of social media in the workplace has a negative impact on security. This is 15% higher than the global average.
All Data is Canadian Unless Otherwise Stated
- At 12%, Canada had the most respondents state that they were unsure whether their company has a mobile strategy for Bring Your Own Device (BYOD).
- 89% of Canadian respondents say that the inability to hire and retain expert staff is a factor that decreases their organization’s overall security and increases risk.
- More than any other country, Canadian respondents (86%) say that an improvement in staffing would most improve their organization’s overall security posture and reduce risk. Globally on average, only 72% would agree.
- Canadian IT practitioners (74%) are only second to Japan (79%) in their concern that having more millennials in the workplace poses a significant risk to security.