111 Data Issues That Keep IT Security Pros Up at Night
2Security Pros Don’t Know Where All Sensitive Data Is Located
3The Struggle to Quantify Risk of Sensitive Data
4Data Breaches Top List of IT Security Risks
The consequence of not knowing the location and risk of sensitive data is that security professionals are unable to protect their organizations from data breaches. More than one-third of respondents cite data breaches as the top IT security risk facing their organization. Employee/user negligence is reported to be the second-biggest risk, while noncompliance and malware/advanced persistent threats are considered the least risky.
5Automated Security Is on the Rise
More than half of survey respondents reported that their companies are using automated solutions to discover sensitive data and protect it from a potential breach. Sixty-four percent say their automated solution is developed in-house, rather than provided by a third-party vendor. That is a surprisingly high number—to eWEEK at least.
6Uncertainty Around What’s Actually Being Tracked
Although many organizations use automated solutions to gain visibility into user activity around sensitive data, nearly half of respondents admit they don’t actually know what is being tracked. Even among security professionals who do have this insight, there remains a discrepancy between what user activity is actually being tracked versus what should be tracked, particularly when it comes to privileged-user access, cross-border transfers, high-volume access and new proliferation of data.
7Data Classification Tools Are Most Effective in Stopping Breaches
8Commercial Solutions Don’t Address User Behavior Risks
While there are a seemingly endless number of security and risk management vendor solutions in the market, about two-thirds of respondents report difficulties finding commercial solutions that help mitigate behavioral risks such as employee/user negligence or malicious insiders. As a result, IT security teams either go without these protections or are forced to build them in-house.
9Intelligence Analytics Increasingly Are Critical
When asked to predict the process-focused security controls that will be most relevant during the next three to five years, more than half of respondents named security intelligence analytics to identify risk and threats. Threat feeds and intelligence sharing (45 percent), advanced authentication and identification solutions (40 percent) and user provisioning and identity management (37 percent) are also noted as becoming increasingly critical.
10Cloud Gateways Will Be Key in Coming Years
Security professionals expect that cloud-service brokers and cloud application gateways (40 percent) and user awareness training (39 percent) will be the most relevant target-focused security controls in the coming years. Respondents also cite information protection and control (such as data loss prevention, tracking, masking and encryption) and database firewall/activity monitoring.
11Threats, Budgets Drive Security Program Changes
12Shadow IT Will Pose the Next Big Security Challenge
According to respondents, over the next three to five years, the industry trends that will have the biggest impact on decisions related to their organization’s security programs are the consumerization of IT/shadow IT, mobility and increased sophistication of attackers.