CompTIA’s 10th Annual Information Security Trends study comes at a time of dramatic change in the IT industry. Cloud computing, mobility and Big Data are altering the landscape and ingraining technology in business operations like never before. Yet security remains a high priority, even among these more trendy topics. Four out of five companies place a higher priority on security today than they did two years ago, and PricewaterhouseCoopers estimates that global cybersecurity spending hit $60 billion in 2011.
The hot trends in IT are certainly influencing security practices. The top three items that are impacting security today deal with cloud computing, mobility and social networks. A growing number of companies are reviewing the security practices of their cloud provider, with 80 percent of cloud adopters confident or very confident in their provider’s security. As companies build mobility policies, they are focusing on aspects that help secure data and devices – and the use of intelligent sensors and machine-to-machine (M2M) systems is becoming a consideration along with smartphones and tablets. Finally, 51 percent of companies believe the rise of social networking is impacting security practices. This represents an increase from last year and highlights the prominent part that end-users are playing in security.
End-users are important because the human element is playing a larger part in security breaches. Not only does it contribute to over half of root cause of breaches, but 46 percent of companies also see it becoming more of a factor over the past two years. The top source of human error is end-user failure to follow procedure. It is difficult for a product to adequately address this issue, so companies must consider new ways of educating their workforce. Instead of one-time training, companies should build programs that are ongoing and interactive, with metrics that track effectiveness.
Another source of human error could be the IT staff. While nearly 6 out of 10 companies believe their staff has the appropriate level of expertise, companies are aware that there are skills gaps in areas such as cloud security, mobile security and data loss prevention. These gaps can be closed with training and certification – 84 percent of companies report a positive ROI from certifying their staff.
The IT channel can also play a role in improving the security posture for organizations. Three-fourths of channel firms are involved in security in some form, with 18 percent offering security as a stand-alone product or service. As with other areas of technology, channel firms are looking for ways to offer security in a recurring revenue model. This could be offering cloud security products in place of traditional on-premises hardware or software, or it could be offering security as a managed service. Education for end-users represents a prime opportunity here if channel firms can build effective, ongoing training programs. Addressing this important topic is also good business: 66 percent of channel firms involved with security expect security-related revenue to grow in the next year, with 16 percent expecting significant growth of 10 percent or greater.