11 Data Issues That Keep IT Security Pros Up at Night

11 Data Issues That Keep IT Security Pros Up at Night
Security Pros Don't Know Where All Sensitive Data Is Located
The Struggle to Quantify Risk of Sensitive Data
Data Breaches Top List of IT Security Risks
Automated Security Is on the Rise
Uncertainty Around What's Actually Being Tracked
Data Classification Tools Are Most Effective in Stopping Breaches
Commercial Solutions Don't Address User Behavior Risks
Intelligence Analytics Increasingly Are Critical
Cloud Gateways Will Be Key in Coming Years
Threats, Budgets Drive Security Program Changes
Shadow IT Will Pose the Next Big Security Challenge
1 of 12

11 Data Issues That Keep IT Security Pros Up at Night

A new Ponemon study uncovers what's really keeping IT security professionals up at night. Here are the key takeaways from the report.

2 of 12

Security Pros Don't Know Where All Sensitive Data Is Located

According to the report, 62 percent of surveyed security professionals are concerned over their inability to have complete visibility into where their organization's sensitive or confidential data resides.

3 of 12

The Struggle to Quantify Risk of Sensitive Data

The lack of confidence in knowing the location of sensitive data is compounded by the fact that more than half of security professionals struggle to understand the true risk to data contained in databases, emails and files.

4 of 12

Data Breaches Top List of IT Security Risks

The consequence of not knowing the location and risk of sensitive data is that security professionals are unable to protect their organizations from data breaches. More than one-third of respondents cite data breaches as the top IT security risk facing their organization. Employee/user negligence is reported to be the second-biggest risk, while noncompliance and malware/advanced persistent threats are considered the least risky.

5 of 12

Automated Security Is on the Rise

More than half of survey respondents reported that their companies are using automated solutions to discover sensitive data and protect it from a potential breach. Sixty-four percent say their automated solution is developed in-house, rather than provided by a third-party vendor. That is a surprisingly high number—to eWEEK at least.

6 of 12

Uncertainty Around What's Actually Being Tracked

Although many organizations use automated solutions to gain visibility into user activity around sensitive data, nearly half of respondents admit they don't actually know what is being tracked. Even among security professionals who do have this insight, there remains a discrepancy between what user activity is actually being tracked versus what should be tracked, particularly when it comes to privileged-user access, cross-border transfers, high-volume access and new proliferation of data.

7 of 12

Data Classification Tools Are Most Effective in Stopping Breaches

Nearly three-quarters of respondents use data classification tools to improve data security. The most commonly used data classification tools are data monitoring (69 percent), followed by encryption or tokenization (61 percent) and data discovery (55 percent).

8 of 12

Commercial Solutions Don't Address User Behavior Risks

While there are a seemingly endless number of security and risk management vendor solutions in the market, about two-thirds of respondents report difficulties finding commercial solutions that help mitigate behavioral risks such as employee/user negligence or malicious insiders. As a result, IT security teams either go without these protections or are forced to build them in-house.

9 of 12

Intelligence Analytics Increasingly Are Critical

When asked to predict the process-focused security controls that will be most relevant during the next three to five years, more than half of respondents named security intelligence analytics to identify risk and threats. Threat feeds and intelligence sharing (45 percent), advanced authentication and identification solutions (40 percent) and user provisioning and identity management (37 percent) are also noted as becoming increasingly critical.

10 of 12

Cloud Gateways Will Be Key in Coming Years

Security professionals expect that cloud-service brokers and cloud application gateways (40 percent) and user awareness training (39 percent) will be the most relevant target-focused security controls in the coming years. Respondents also cite information protection and control (such as data loss prevention, tracking, masking and encryption) and database firewall/activity monitoring.

11 of 12

Threats, Budgets Drive Security Program Changes

Sixty-seven percent of respondents say that changes to their organization's IT security programs are dictated by immediate threats and vulnerabilities. The second-most common driver of change is budget and resource constraints.

12 of 12

Shadow IT Will Pose the Next Big Security Challenge

According to respondents, over the next three to five years, the industry trends that will have the biggest impact on decisions related to their organization's security programs are the consumerization of IT/shadow IT, mobility and increased sophistication of attackers.

Top White Papers and Webcasts