While many businesses recognize the value of protecting themselves from potentially disastrous security incidents, they fall short in their attempts to do so.
It is clear companies of all types and sizes consider security to be a high priority in todayβs increasingly tech-oriented business climate. And itβs no surprise why. Cloud computing has become more widely adopted and complex, mobile devices of all types now populate the workplace, and companies continue to work to leverage technology to meet their ever-changing business needs. But thereβs a downside -- namely new and increasing security threats and vulnerabilities. However, while many businesses recognize the value of protecting themselves from potentially disastrous security incidents, they fall short in their attempts to do so.
Recent research conducted by The Computing Technology Industry Association (CompTIA) found seven even out of 10 organizations rate security as a high/upper level priority, compared to 49% in 2010. Meanwhile, one in three or four organizations experienced a security incident in 2011, with about half of them being considered serious.
The aforementioned statistics are especially alarming when one also considers other CompTIA findings. For instance, approximately 40 percent of organizations are dealing with significant or moderate expertise gaps among the members of their IT staff. Furthermore, only about 29% of organizations report conducting a heavy review of their cloud service providerβs policies, procedures, and capabilities. This suggests a significant number of them simply arenβt equipped to deal with security threats. And according to CompTIAβ VP of Research Tim Herbert, thereβs one main reason why.
βOne of the patterns weβve seen for quite awhile is that most companies rely on general IT staff to also manage the companyβs security policies and security implementations,β says Hebert. βWith the growing sophistication in certain areas of the security threats, it is no longer something a generalist can adequately handle.β
The CompTIA data also suggests companies are also struggling to find outside help to deal with their security concerns, as about 50% of organizations report facing challenges in hiring IT specialists. In an age where organizations are transitioning from a low-risk use of cloud computing to a more mission-critical use, thatβs a problem. According to CompTIA, system downtime of cloud providers, data exposure during transfers between on-premise and cloud systems, and the physical security of cloud data centers and data segregation in a multi-tenant environment should be of the utmost concern to business organizations and their IT staffs.
And yet, three in four report they lack the proper knowledge regarding their cloud service providerβs policies, procedures, and capabilities.
Yes, businesses say security is a top priority. However, their actions indicate otherwise. It makes little sense to invest in a technology to improve business capabilities, but fail to spend the necessary time, effort, and money to support that technological investment.
So why do businesses and organizations fall short? Hebert offers one explanation.
βCloud and mobility and data and social, they arenβt new. But companies are moving more critical systems and they are using these technologies in ways they may not have used them a year or two ago,β he says.
This has led to more data and complexity, and companies are unable to adequately adjust and make that data useable.
βFor the most part, a lot of companies are still just wrapping their arms around what they have,β says Hebert.
Well, it is clear that approach isnβt working. Companies need to take more aggressive steps to protect themselves from security threats β whether itβs closely studying their cloud provider, gaining a better understanding of their business data, or considering an investment in outside security services. The increased use of technology in the workplace and the ever-increasing number and complexity of security incidents is evidence that talking tough simply isnβt enough anymore.
What are your thoughts? Email me at [email protected] to learn more.