In order to assess the state of information security management and operations in 2012 and beyond, ESG surveyed 315 security professionals working at enterprise-class (1,000 employees or more) organizations in North America. All respondents were personally responsible for or familiar with their organizations’ 2011 information security strategies as well as their 2012 IT security budget and spending plans at either an organizational or business unit/division/branch level.
The Senate Homeland Security and Government Affairs (HSGAC) introduced a new cybersecurity bill last Thursday. According to ESG Research around Advanced Persistent Threats (APTs), security professionals believe it's time to stop debating and pass legislation.
IT security management and operations is evolving rapidly to address new types of threats and support IT initiatives like BYOD, cloud computing, and infrastructure virtualization. A new ESG report examines how security challenges, successes, and strategies affect people, processes, and technologies. ESG used its survey data to categorize large organizations as security management "leaders," "followers," or "laggards." Only 19% of enterprises can be considered "leaders"—the vast majority are extremely unprepared and remain vulnerable to cyber attacks.
Yes, there is plenty of hype surrounding BYOD and mobile device security but new ESG Research identifies a number of real problems facing enterprise organizations. Mobile devices are introducing new risks that must be addressed in a comprehensive manner.
I am usually pretty skeptical about industry rhetoric and emerging trends but new ESG Research data has me convinced that large organizations will soon require big data security analytics technologies. Why? Risk management, continuous monitoring, and incident detection needs will drive big data security into the enterprise mainstream.
The Advanced Malware Detection/Prevention (AMD/P) market is focused on APTs and composed of a number of specialized vendors and products. It will continue its explosive growth and remain an independent market segment over the next few years.
Security skills are in short supply and difficult to hire. As a result, large organizations are turning to security services as an alternative. Good news for security service providers but security product vendors and CISOs must think through the implications of this trend.
Why aren't more people talking about the information security skills shortage? ESG data indicates it is pervasive and seems to be getting worse.
Beyond swimming, running, and jumping, the London Olympics could present a few challenges for IT infrastructure and security.
ESG research consistently reveals that the majority of enterprise organizations are not where they should be in terms of risk management, incident detection, and incident response.
I've spent a fair amount of time lately on BYOD, mobile devices, and related issues around information/cyber security. Yes, we are still firmly in the hype cycle but some mobile device security patterns are starting to emerge.
Over the past few years, a number of independent Security Information and Event Management (SIEM) vendors were acquired by bigger players. In late 2010, HP scooped up market leader ArcSight for $1.5 billion. Last year, McAfee purchased Nitro Security while IBM acquired Q1 Labs.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant in cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188