Key Security Investments for 2013…and beyond

Have you seen the 2013 Global State of Information Security Survey¹ (GISS) from CIO Magazine, CSO Magazine and PricewaterhouseCoopers? It reveals an interesting trend in security programs and highlights a shift in security priorities.

 

A majority of respondents to the 2013 GISS survey say their information security activities are effective—but this confidence has been eroding since 2008.  (Source: Question 41: “How confident are you that your organization’s information security activities are effective?”)¹

GISS confidence chart.jpg

 

Despite this self-confidence, the analysis reveals that only 8 percent of respondents rank as real leaders. “A comparison of this group with the much larger cohort of self-proclaimed front-runners suggests that many organizations have opportunities to improve their security practices.”¹

 

What defines a leader?  According to the study, “Leaders are, by significant margins, more likely than all respondents to have a more mature security practice, implement strategies for newer technologies, and use sophisticated technology tools to safeguard data.”¹

 

How leaders compare

 Giss leader chart.jpg

 

The GISS data shows that leaders are twice as likely to have a CISO or equivalent and to involve security early in major projects. All have measured and reviewed security in the past year, and a majority of respondents expect to spend more in 2013.

 

These statements say that current security programs are not enough.  Security must be dynamic and investments must evolve to keep up with current challenges.  A case in point:  even leaders are behind on mobile security – only 57 percent have a mobile security strategy¹.  This is why one of the top investment areas for 2013 is mobile security—as evidenced by the GISS survey results:

 

 GISS tech shift.jpg

 

In 2013, security investments will be driven by the new threat landscape brought about by Cloud and Mobility.  And many are investing in context-awareness via correlation tools and federated-identity management. 

 

Where will security investments focus next?

 

Looking beyond the GISS survey, we expect to see investment in even more sophisticated capabilities in 2014. This will happen either via third-party Internet monitoring and analysis, as the GISS study substantiates, or with in-house analysis via ‘big data’ analysis tools that provide context from outside the enterprise.

 

The following Security Maturity model² can help assess where security capabilities will head next, and more importantly, provide a framework around which you can honestly assess your own capabilities.

 

 HP security maturity model.jpg

 

Why would a company want to invest to become more agile in its security response? The 2012 HP Ponemon Cost of Cyber Crime Study shows that the longer it takes to resolve a breach, the more costly it becomes. Companies ideally want to prevent attacks, not just identify them when they occur. This requires a different mind-set where context and external data provide offensive insight to potentially prevent attacks. I think investments will continue to evolve toward these more predictive, analytics-based approaches as security programs mature.

 

Are you confident in your security program?  Does your confidence align to where you are on the security maturity curve?  Are you looking ahead to prevent attacks?  Or are you catching up with basic defensive and compliance capabilities?  HP Enterprise Security Products can help you get ahead of the curve.

 

 

 

Sources: 

¹2013 Global State of Information Security Survey, PricewaterhouseCoopers, CIO magazine, CSO magazine, September 2012

²Security Maturity model – developed by Cindy Blake within HP’s Enterprise Security Products group

 

 

 

 
