The findings of a wide-ranging European survey into the IT security strategies of over 300 mid-sized to very large enterprises have been unveiled. The survey queried enterprise IT decision makers in France, Germany, Italy, Spain, Benelux and the UK about their approaches to security strategy amid a constantly changing landscape for how businesses use IT.
Broader Coverage at Less Cost: The Future Security Strategy Must-Haves
Greater comprehensiveness (covering more business assets beyond the core network perimeter, such as mobile endpoints and processes) and greater cost-effectiveness were ranked by far as the top two improvements needed in future security strategy.
Among the biggest drivers for strategic changes to security were still the ‘traditional’ concerns of combating the growing sophistication of threats and attacks (25% naming it as the most important driver) and meeting compliance (16%). However, IT decision-makers felt equally pressured by a mixture of IT trends with cloud computing (19%), mobility (16%) and virtualisation (13%) all named by individual respondents as key shaping influences for reassessing their IT security strategy.
Many Strategies Falling Off The Pace
One-sixth of enterprises questioned (16%) either didn’t have a security strategy, or had not reconsidered their IT security strategy for more than three years. Only 60% of enterprises have conducted a full reappraisal of information security strategy in the last 12 months.
Given the recent remarkable pace of cloud IT adoption and the rise of tablet PCs and smartphones for corporate IT use, it is critical for organisations to regularly review their IT security strategy. Those which have not done so in a year or more expose themselves to greater risks.
For instance, confronted with the increasing IT consumerisation trend, where users have greater power in choosing their own preferred IT practices and technologies within the organisation, it is not surprising that 60% of respondents were concerned about their organisation’s ability to secure corporate data in this dynamic, new user-led IT environment.
Most Security Strategies Cover Mobile, But Not Personal Devices
Across the sample, 88% of respondents indicated that they have mobile security covered specifically in their IT security strategy. However, 66% of enterprises only allow the use of corporate mobile devices onto which security policies can be directly enforced. 21% of enterprises place the responsibility for securing personal mobile endpoints with the user/owner of the device in question.
Wireless Networks: The Greatest Vulnerability
When asked which parts of their IT infrastructure were vulnerable from a security standpoint, wireless networks were the most frequently identified component (cited by 57% of the sample). As well as being highlighted the most, wireless networks were also ranked highest in terms of greatest vulnerability, ahead of core network infrastructure (ranked 2nd) and databases (3rd).
Traditional Firewalls Going Up in Smoke
With application awareness and control capabilities underpinning the emergence of ‘next-generation’ firewalls and the death of traditional firewalling solutions, 50% of the sample are now using, or plan to deploy, a firewall with application control features. Specialised web application and XML firewalls are also being adopted in significant numbers, with 43% of the overall sample now using, or planning to use, this technology to secure web-based applications.
- The UK shows the highest rate of application-aware, ‘next-generation’ firewall adoption with 60% of its sample using this technology
- Germany and Italy are the largest adopters of web application/XML firewalls, each with 54% of their samples
Network Security Consolidation – Still A Work In Progress?
69% of respondents have consolidated security elements to date in order to take advantage of lower cost, simplified management and tighter security, and 79% of them say that they will continue consolidating more security over the next 12 months.
24% of the sampled organisations plan to embark upon a network security consolidation project for the first time in the next 12 months. Only 7% of the overall sample intends to continue abstaining from any network security consolidation project for the foreseeable future.
- Italy has the most unfinished business in respect of enterprises continuing to embrace network security consolidation, with 60% of the overall sample saying they’re still on their journey (the European average is 55%)
- In Benelux, 24% of the sample feel they have embraced network security consolidation to the furthest extent desirable (European average = 14%)
- French organisations in the sample are most likely to start out on network security consolidation (34%) for the first time. In Benelux, the figure is just 16%
- The Italians and Spanish are the most averse to any suggestion of consolidating network security elements (10%); nearly three times as much as Germans and Britons (4% each)
IT departments and dedicated information security professionals face challenges from all directions as they fight to maintain a coherent security strategy that both protects data and responds to the changing needs of users and the business at large.
Organisations that can call upon the common technology approach of an end-to-end security solution family are best set to meet these challenges without complicating management processes, compromising performance, or adding unnecessary financial overheads.