In a survey of 1,200 IT decision makers at enterprise and small-to-medium-size businesses in the United States, U.K., Germany and Japan, 60 percent of respondents said that security was a "big" or "the biggest" challenge in managing their company's infrastructure. In addition, survey respondents said that protecting customer and company data is their No. 1 security priority.
Slightly more than half of those surveyed said that they believe IT security advances overall business goals (52 percent) and increases end-user productivity (51 percent). The survey was conducted during April and May by market research firm Harris Interactive, on behalf of Microsoft.
“Security is an enabler of business because today business needs to get done from any computer anywhere on any network -- and that can't be done unless customer data and business data/operations is protected,” John Pescatore, vice president and distinguished analyst at Gartner, told SCMagazineUS.com in an email Wednesday.
Neglecting security has led to attacks that have severely impacted businesses, Pescatore said. But if the security had been built in, the incidents could have been avoided.
“Heartland [Payment Systems] will spend a lot more [money] dealing with their major incident than they would have spent preventing it,” Pescatore said.
John "JG" Chirapurath, Microsoft's director of the Identity & Security Division, told SCMagazineUS.com on Wednesday that today's challenges -- allowing users access to the information they need to do their jobs while ensuring that information is protected -- require new and innovative solutions. Companies must innovate by looking how existing processes are being run and then optimizing them, he said.
According to the study, 51 percent of survey respondents said that budget constraints are the biggest barrier to innovation. Pescatore said that increasing spending, however, doesn't always mean increasing innovation, and likewise, decreasing spending doesn't always reduce innovation.
“In security, some of the most innovative approaches to improving security end up reducing IT spending,” he said.
Having standard security controls that get enforced, for example, reduces the costs of patching and configuration management -- while increasing security, Pescatore said. Another innovative approach could be to avoid jumping on the latest operating system release before vulnerabilities have been fixed. Doing so generally results in better service due to fewer attacks and outages, which also cuts down on IT spending, he added.