SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Dell gets to the bottom of what's really going on with business data security
Wed, 9th Mar 2016
FYI, this story is more than a year old

While C-level executives recognise the benefits of data security, organisations are still struggling to develop programmes that effectively incorporate security strategies without detracting from other business initiatives, according to the first Dell Data Security Survey.

The report found that even with tools in place to address data security needs, business and IT decision makers report gaps in their comfort level with implementing or expanding programmes that rely on these technologies. In addition, security concerns are limiting the adoption of cloud and mobility solutions throughout organisations.

Discordance between C-suite and IT teams grows

While the C-suite is more invested in data security than in the past, IT teams feel executives are still not allocating the energy or resources needed to properly address data security challenges.

Nearly three in four decision makers agree that data security is a priority for their organisation's C-suite; however, one in four decision makers don't find their C-suite to be adequately informed about data security issues.

Three in four decision makers say their C-suite plans to increase current security measures, and more than half expect to spend more money on data security in the next five years.

Cost is a concern when it comes to building on existing programmes, with 53% of respondents citing cost constraints for why they don't anticipate adding additional security features in the future.

Only one in four decision makers are very confident in their C-suite's ability to budget enough for data security solutions over the next five years.

“These findings suggest that the C-level has to be more engaged when it comes to integrating data security strategies into their business,” says Steve Lalla, Dell vice president of commercial client software and solutions.

“Business leaders understand the need to invest in their security infrastructure, but that isn't translating into updating or expanding their current systems to adequately prevent modern attacks,” he says.

Lack of business support limits data security programmes

The report found that a lack of investment in streamlined technologies and a shortage of talent are both barriers to fine-tuning data security programmes.

The majority of decision makers (58%) believe that their organisation is adversely affected by the shortage of trained security professionals in the industry. In fact, 69% of decision makers still view data security as a burden on their time and budget.

Still, nearly half (49%) of respondents believe they need to spend more time securing their data in the next five years than they are today. Furthermore, 76% believe their solutions would be less burdensome if provided through a single vendor.

“These findings show that the costs and time constraints that commonly accompany traditional single point solutions have an adverse impact on IT departments.

“For companies with hundreds or thousands of employees, managing each endpoint separately using multiple consoles is extremely inefficient and leads to a high probability of conflict or incompatibility. Implementing a single, integrated suite for IT management can drastically improve this process," says Lalla.

Malware and weaponised attacks key causes for concern

The report showed that respondents remain highly concerned about malware, despite the fact that most have anti-malware solutions in place.

Nearly three in four (73%) decision makers are somewhat to very concerned about malware and advanced persistent threats. Only one in five respondents are very confident in their ability to protect against sophisticated malware attacks. Respondents are more worried about spear phishing attacks (73% are concerned) than any other breach method, the survey found.

“The fact that IT and business decision makers are not confident in their anti-malware defense implies that they may be using outdated or ineffective tools,” says Brett Hansen, Dell executive director data security solutions.

“When IT teams do not have the resources they need to proactively prevent threats and stay on top of the evolving threat landscape, they are forced to play defence using threat detection and remediation alone,” he says.

Fear surrounding mobility continues unabated

The common narrative is that all offices are becoming more mobile, but according to this report, the truth is somewhat more complicated.

The majority of mid-market companies (65%) are holding back plans to make their workforce more mobile for security reasons with 67% hesitant to introduce a bring-your-own-device (BYOD) programme.

While 82% of decision makers have attempted to limit data access points to enhance security, 72% of decision makers believe that knowing where data is accessed will make their data protection measures more effective.

In fact, 69% of respondents say they are still willing to sacrifice individual devices to protect their company against a data breach, yet 57% of respondents are still concerned about the quality of encryption used by their company.

Security concerns aside, two in five respondents are interested in allowing greater mobility for enhanced employee productivity, the report finds.

“When organisations opt out of creating sanctioned, secure mobility programmes, they open themselves up to other risks. Mobility and security can easily co-exist with modern data security technology that uses intelligent encryption to protect data whether it's at rest, in motion or in use," says Hansen.

Confidence in public cloud platforms lacking

With more employees using public cloud services like Box and Google Drive in the workplace, decision makers are not confident in their ability to control risks posed by these applications, according to the report.

Nearly four in five respondents are concerned with uploading critical data to the cloud, and 58% are actually more concerned than they were a year ago. According to the study, 38% of decision makers have restricted access to public cloud sites within their organisation due to security concerns.

Furthermore, 57% of decision makers who are current cloud usersand 45% of those planning to use public cloud platforms, will rely heavily on cloud vendors to provide security.

Only one in three organisations cite improving secure access to public cloud environments as a key focus for their security infrastructure, yet 83% say that employees are either using, or will soon be using, public cloud environments to share and store valuable data.

“Security programmes must enable employees to be both secure and productive, and this means enabling technology that helps them do their jobs,” says Hansen.

“Companies can try to limit or prohibit public cloud use, but it's more effective to use intelligent data encryption to protect corporate data wherever it may go, and reduce the risk of employees working around restrictive policies in order to be productive,” he says.

Michael Kaiser, National Cyber Security Alliance executive director, says, “While we've come a long way from the days when cybersecurity was an add-on to the IT infrastructure in organisations, more work needs to be done.

“The Dell Data Security Survey highlights that as the security landscape evolves, and threats become more sophisticated, organisations need to foster a culture of cybersecurity awareness from the top down and integrate it throughout their organisation.