Despite growing awareness among C-level executives, there is a long way to go when it comes to match concerns with actions
Six out of ten respondents (58%) in a recent study said they are more concerned about uploading critical data to the cloud now, as compared to a year back. The same survey also reveals that about 82% of decision makers have attempted to limit data access points to enhance security and only 18% are fully confident that their data is secure when employees access it remotely.
This challenges the perception that new technology is being warmly accepted by the business executives and everything is hunky-dory. The online survey was conducted by Penn Schoen Berland, on behalf of Dell among 1,302 business and IT respondents in the US, Europe and APJ.
Here are the broad findings.
Data security is a concern for the C-level; yet, keeping ahead of threats remains a concern, as actions do not match the concern.
According to the survey, nearly three in four respondents agree that data security is a priority for their organization’s C-level executives, yet these respondents feel senior executives don’t pay enough attention and aren’t well informed about data security issues and tools. In fact, one in four respondents don’t find their C-suite to be informed about data security issues.
“The findings also show that three in four decision makers say their C-suite plans to increase current security measures, and more than half expect to spend more money on data security over the next five years. However, cost is a concern when it comes to building on existing security programs – 53 percent cite cost constraints for why they don’t anticipate adding additional security features in the future, and only one in four decision makers are very confident in their C-suite’s ability to budget enough for data security solutions over the next five years,” says the report, based on the survey.
Despite increased buy-in from the C-level, business alignment has to go a long way
As many as 58% respondents find shortage of skilled security professionals in the market is adversely affecting their business. Many think the antiquated security techniques and practices are a direct result of this. Interestingly, this is a challenge that popped up in the ISACA cybersecurity survey too. In India too, CISOs have been facing the heat in finding good manpower. (See Toughest Security Challenge: It's Skill Gap)
But more alarmingly, it is the lack of business buy in, that worries the IT decision maker. Despite C-level support, IT decision makers feel business buy-in has not really percolated down. As many as 69% decision makers still view data security as a burden on their time and budget. “This shows that businesses still see data security as an afterthought, and not as process which enables greater mobility,” notes the report.
The impatience with the point security solutions that dominate the market is clearly visible when every three out of four executives (76%) say that the solution would be simpler if they come from a single vendor.
Malware and weaponized attacks are keeping IT and business decision makers up at night
In what is an obvious finding, nearly three in four (73 percent) decision makers are somewhat to very concerned about malware and advanced persistent threats, even though the majority already rely on anti-malware software to maintain their organization’s data security.
Interestingly, this concern is highest in India, among major countries. As many as 56% in India are very concerned about malware threats, while in both US and France, 31% each are very concerned about the issue. In Japan and Germany, only 12% and 11% respectively are so worried (very concerned).
Only one in five decision makers globally are very confident in their ability to protect against sophisticated malware attacks.
Lack of awareness about data security among employees is perceived as a a big risk. Phishing is the attack that most (73%) are worried about.
Employers feel they have to limit mobility in order to protect data
In what comes as a grave reminder is that not everything is smooth and progressiveis that many as 82%—and that is a big number—admit to having attempted to limit data access points to enhance security. Less than one-fifth (18%) are convinced about data security in case of remote access by employees. Almost three out of four (72%) believe that knowing where data is accessed will make their data-protection measures more effective.
And this is a harsh reality. Despite all the pep talk given by technology vendors, businesses identify security as a higher priority than employee flexibility. Some 67% are hesitant to introduce a bring-your-own-device (BYOD) program, and 65 % are holding back plans to make their workforce more mobile for security reasons. In addition, 69% respondents say they are still willing to sacrifice individual devices to protect their company against a data breach.
In short, the outlook towards consumerization is pretty conservative. And that has its repercussions beyond lack of flexibility. The survey finds that about half of millennials expect to have the ability to conduct business on mobile devices, and 43% of the workforce does so secretly in any case, even if the company doesn’t have a mobility program in place.
“So when companies opt out of creating sanctioned, secure mobility programs, they open themselves up to even greater risks,” the report notes . “Even those that succeed at locking down data by removing workplace flexibility risk losing star employees,” the report notes.
Respondents see their data at risk in public cloud platforms
The most important finding of the survey is that the so-called growing confidence in security of the public cloud is a myth.
Nearly four in five respondents are concerned with uploading critical data to the cloud, and 58% are actually more concerned than they were a year ago. In other words, the confidence is shrinking.
As many as 38% decision makers have limited access to public cloud resources within their organization due to security concerns and 57% of decision makers who are current cloud users and 45 % of those planning to use public cloud platforms, will rely heavily on cloud vendors to provide security, the survey finds.
The survey only confirms what CIOs and CISOs whisper: One, while there is no denying the fact that there is a growing sensitivity about risks arising out of data security breach among the top executives, it has not resulted in corresponding action to tackle the problem. Two, despite big talk of consumerization and newer mobile devices enhancing productivity, the outlook towards actually allowing them to be used by employees is still conservative, if not negative.