Vormetric, a leading data-centric security solution provider, recently announced the preliminary findings of its “Protect What Matters – Data Security” research. The results, compiled from a global online survey of more than 450 respondents, details newer IT trends and data breaches as primary security drivers. The research also highlights that protecting brand reputation and observing security best practices should be an organization’s primary motivators for data protection, while meeting compliance requirements also remains a major driver facing IT today.
“The security landscape has evolved considerably over the past 18 months. With advanced persistent threats recurring headline news, and as more organizations embrace the merits of cloud computing and Big Data, it is essential that enterprises ensure their IT infrastructure is geared up to keep pace with the changing market,” said Tina Stewart, vice president of marketing, Vormetric. “We wanted to conduct this research to assess the extent to which organizations’ security measures and motivations reflect these changes, and overall the study reveals that organizations are reassuringly starting to move in this direction.”
The online global survey gathered responses across a full range of markets – banking/financial services, retail, manufacturing, public sector and others.
Click through for key findings from data security research conducted by Vormetric.
Defending against IT security challenges is the primary security driver for more than half of respondents.
While compliance is still a strong security driver, newer IT trends – such as Big Data, cloud, BYOD and mobile security – accounted for a full 36 percent of respondents’ choices, and 16 percent of respondents selected ‘data breaches’ as the primary data security driver at their organization. Given that 52 percent of the respondents called out drivers other than compliance, it’s clear that organizations’ security strategies are governed by the need to protect against an increasingly complex array of IT challenges.
Respondents feel that protecting brand reputation and observing security best practices should be the primary motivations for data protection.
Nearly two thirds of respondents (64 percent) believed that protecting the company’s reputation (32 percent) and implementing best practice security measures (32 percent) should be the primary motivation for data security within their organization; meeting compliance requirements came in third at 22 percent. This highlights that IT professionals recognize that compliance alone is not enough to protect their organization. As targeted attacks have proliferated, organizations around the world are recognizing the requirement to adjust their security posture to keep ahead of current threats.
IT security budgets are rising at a large number of organizations.
Faced with the challenge of securing newer technologies like Big Data and cloud, the budgets at many of the respondents’ organizations (42 percent) have increased or remained static (39 percent). Only six percent of respondents reported that their IT security budget has been reduced, while 13 percent didn’t know.
Respondents name server encryption as the key focal point for IT data security investment over the next 12 months.
Core elements of a data-centric security strategy that protects information where it resides are encryption with access controls to lock down and control access to critical information, combined with log management and database activity monitoring (DAM) to identify unusual usage patterns that may represent a new advanced persistent threat (APT) attack, or malicious insider. The survey shows organizations are investing in these areas with 40 percent investing in server encryption and 33 percent investing in both log management and DAM.
“Protecting brand reputation is a particularly widespread security driver among the respondents and, as recent high profile hack incidents have demonstrated, a business’ reputation is very much at stake,” said Tina Stewart, vice president of marketing, Vormetric. “Organizations need to deploy security measures as close to the data as possible, especially sensitive data that resides on servers. That means implementing data-centric security solutions that combine protections for critical data using encryption and access controls, coupled with detailed access information that will allow a SIEM solution to identify advanced threats, compromised accounts and malicious insiders. Our survey’s findings indicate that organizations are beginning to understand the business value of implementing security best practices like these — but thought and action are two different things. For organizations that want to avoid becoming the next high-profile victim of a cyber attack, the time to protect what matters is now.”