Every once in a while, a survey comes along that puts things in perspective. Such is the case with a survey published this week by the Ponemon Institute that basically highlights the fact that IT innovations are outpacing the ability of security specialists to keep up.
Here are some of the troubling numbers from the survey, which was sponsored by Lumension Security:
Though security people tend to be gloomy in their assessments, you could conclude nevertheless that somewhere between one-third to half of all the IT organizations out there are not very serious about security.
A lot of this may have to do with the fact that the existing security budget is being misspent. But more of it has to do with the pace of IT change. The proliferation of mobile computing devices means more data than ever is not secure. The rise of cloud computing and application integration in general is creating more points of intersection that need to be secured. And instead of targeting network perimeters, the bad guys are going after specific types of data as part of a criminal enterprise, as opposed to just trying to show off their hacking skills.
In fact, you could argue that the half of survey respondents who said their security was basically in good shape might be delusional. Going into 2010, every organization needs a top-to-bottom review of its security policies. The first thing that will become apparent is how many holes there are, and the second thing will be a realization of how little value is gained from existing security expenditures.
Ultimately, what this all means is that the time for converging security and everyday systems management is long overdue. The reasons we have so many security issues is that we keep approaching security as an afterthought, rather than something that is intrinsic to the process of IT.