Security Spending Outstrips Data Security

Thursday, August 11, 2011 @ 01:08 PM gHale

More than one-half of IT budgets go toward security, but 70% of IT professionals have experienced data breaches and still struggle to mitigate attacks due to limited time and resources, according to a new survey.

A majority of respondents of more than 200 IT professionals admit they lack the ability to manage security in virtualized and cloud environments and to monitor and secure consumer devices, such as smart phones and tablets, according to the survey conducted by NetIQ and Harris Interactive.

Security Strategies: Oil Companies Lag Behind
Security 101: Avoiding Social Engineering, Phishing Attacks
Web Sites to Find if You’re a Target
Paranoia Means Better Security

More than 70% of respondents have experienced the following in the past two years: malware (76%), lost or stolen equipment (75%), external data theft (74%), and insider data theft (72%).

Survey respondents cited the following as their most difficult challenges: Lack of time to monitor vast amounts of data (64%), inability to manage security in the cloud (55%), and inability to manage security in virtualized environments (54%).

“Although half of the IT budget is devoted to security, security appears to be broken for many organizations,” said Net IQ’s Brennan O’Hara.

The survey found IT security budgets continue to grow, despite the continuing poor performance on data security. Around 77% of respondents said IT security budgets are higher this year compared to last. On average, 59% of the enterprise IT budget goes toward security.

The lack of time to monitor data is a key contributor to the continuing security problems at these organizations, O’Hara said.

“What we found was that IT security staffs in general are greatly under-resourced,” he said. “So, although the enterprise may have solutions in place to log all these security events … unfortunately with lack of staff and resources, there is an inability to sift through all that data. Folks seem unable to properly analyze and correlate the data in order to prevent the data breaches that are happening.”

Survey respondents cited the following as weaknesses of current security solutions: Handling consumer devices (such as smart phones), short life span of current solutions, handling the disappearance of the traditional firewalls, and difficulty in deploying solutions.

“Users are going outside of security policy and conducting business with customers or partners in a way that is not visible to IT, ultimately leaving IT with the inability to track and monitor that access. That greatly exposes organizations to data theft of some kind,” he said.

O’Hara identified some technologies a company should implement as part of an enterprise’s security foundation, such as log management and access management tools; password management; and identity management tools, particularly for cloud and virtual environments.

Policies and procedures also need to be in place to secure data.

“Security really must be part of the user’s culture and should be part of the DNA of the enterprise,” he said.

Leave a Reply

You must be logged in to post a comment.