What’s keeping IT security leaders awake at night?
Added Tuesday 17 November 2015
As the world in which we all live and work has changed beyond all recognition with the advent of mobile technologies, social business, big data analytics and cloud, security now needs to be the cornerstone of today’s IT strategies.
In the 2014 IBM CISO Assessment, 82% of respondents said that the very definition of ‘security’ had changed in the last 3 years. Security policies need a complete rethink in the light of growing volumes and varieties of data and devices, combined with changing user needs and business demands. So what are the most pressing concerns for today’s IT security leaders?
- External threats: This is considered the biggest security challenge of all, with 50% citing external threats posed by the likes of hackers and cyber criminals as requiring the most organisational effort to address over the next 3-5 years. Almost 60% of those interviewed said that they felt the sophistication of attackers was outstripping their organisation’s defences and more than 80% have seen the external threat increase in the past 3 years.
- Security beyond organisational boundaries: It’s no longer realistic for an organisation to isolate itself in order to reduce the risk of a security breach. With more collaboration, interactions and connections than ever before, today’s social business world demands a blurring of boundaries in order to optimise employee productivity and keep pace with customer expectations. 62% of the leaders surveyed recognised this as a major issue – strongly agreeing that risk levels are increasing as a result of growing collaboration with customers, suppliers and partners. 86% recognised the importance of joining a formal industry-related security group – a big increase on the 42% who already collaborate in this way.
- Integrating security technology with business processes: New technologies are coming to market all the time with the promise of solving the latest security threats, but they will only be effective if properly integrated with the appropriate business processes. With organisations already straining to address their security needs, 50% of those surveyed will concentrate on simplifying processes and making their existing technology work more effectively, rather than developing new systems. The remaining 50% of respondents put the deployment of new security technology in their top 3 focus areas, with real time security intelligence (72%), cloud security (86%) and mobile device security (50%) identified as areas needing urgent attention.
- Uncertainty over compliance: The IT security leaders surveyed expressed major concerns over the variety and changing scope of industry standards and government regulations. 79% said the challenge to ensure compliance has increased over the past 3 years – making it the 2nd most important area requiring their attention, after external threats. 60% are uncertain about the role the government will play in security on a national or global level, with only 22% believing that a global approach to combatting cybercrime will be agreed upon in the next 3-5 years.
What can security leaders do to address these challenges?
James Melvin, Business Development Manager for Security at Arrow ECS, believes that a fully integrated approach is the way forward:
“Cloud and Mobile are taking the enterprise way beyond the data centre, so that outdated firewalls and antivirus – though completely necessary - are wholly inefficient to deal with today’s sophisticated and advanced threats. Security requires a new way of thinking. It must be part of every IT conversation and every IT project, throughout the enterprise. A successful security strategy for today has to be based on real time security intelligence and Analytics - integrating security for people, data, applications, data centre, networks and endpoints.”