Orgs need to share info, crave more board oversight, study says | SC Media

April 1, 2015

Even as an information-sharing bill sits before Congress and amid warnings from both government and private sector groups that hackers have grown proficient by sharing threat information, only a little over a third of companies actually share data, a study released on Tuesday revealed.

The “Third Annual Information Security Survey,” conducted by Blue Lava Consulting and sponsored by vArmour, found that while 36 percent of respondents share information with industry groups, 50 percent of respondents don't share any information.

The study also found that legacy security systems that guard the perimeter have lost their luster with the majority (75 percent) of information security professionals surveyed, who are stepping away from traditional security approaches and will now likely allocate their budget dollars to new vendors for “agile security solutions” to protect their data centers.

“Legacy Information Security systems are inadequate to protect organizations today since the perimeter is essentially gone,” Demetrios Lazarikos, IT security researcher and strategist at Blue Lava, told SCMagazine.com in a Wednesday email correspondence.

“Data centers are a 'hot mess,'” he added, “since legacy systems have been cobbled together and in most cases are being protected by legacy security solutions that haven't changed in over a decade.”

Cloud technologies sit firmly on the horizon of the 300-plus IT security directors and executives queried for the study, though those “hot mess” data centers may stand in the way of a smooth transition to the cloud.

Pointing out that “organizations can't transform themselves fast enough as the business goes completely digital,” Lazarikos underscored that “all aspects of operating a data center today require organizations to be completely agile in today's digital world.”

But emerging technologies, such as cloud and the Internet of Things (IoT) “will be impossible to manage with legacy data center infrastructure and security solutions,” he said. “When we move into this digital transformation, organizations must move quickly to adopt new and innovative solutions. In order to compete with the digital revolution - this means you need to jump curves (a la Steve Jobs).”

Cloud raised security flags for most of those surveyed—85 percent—so expect to see a rise in the number of breaches as their organizations shift to cloud. Just over three-quarters, 76 percent, anticipated that their budgets would expand as a result.

For all of their talk of favoring more nimble security solutions and the need for changing the current security model, only 49 percent of those surveyed had taken a “proactive, risk-based approach.”

Lazarikos noted that creating an environment “to evaluate and explore new and emerging technologies” will become “critical” as organizations move both solutions and data to the public cloud.  “Aligning posture, terminology, and economics brings success for those that adopt these business principles,” he stressed.

The boards of directors at organizations continue to take a more active role in security, the study found, with 11 percent of respondents saying that they report to their boards. However, the shift has not occurred quickly enough or spread widely—29 percent said that, currently, they didn't receive enough board oversight.

Lazarikos recommended that security pros “invite your CISO to board meetings and coach this individual to present Information Security updates by defining risks and solutions in business terms.”  He urged them also “to align with the terminology and the economics of the business” so that they can bridge the language gap between security and the C-suite.
