As enterprises accelerate their use of cloud computing, online services, and ready themselves for internet of things deployments, they are finding themselves strained to find the cybersecurity talent and security tools needed to secure these efforts. That’s one of the most important takeaways from the Global State of Information Security Survey (GSISS) 2017 -- a worldwide study conducted by PwC, CIO and CSO released today.
According to the GSISS survey, 59 percent of respondents say they are boosting their security spending as a result of their increased use of digital technologies, and retooling their business models to provide customers, employees, and partners evermore digital services and apps. These security efforts include increased investments in cloud computing environments, data monitoring, as well as managed security services. The survey was conducted online from April 4, 2016 to June 3, 2016.
The survey found the cybersecurity spending priorities for respondents for the next 12 months to be considerable: improved collaboration within the business (51 percent), secure changing business models (46 percent), and secure their IoT deployments (46 percent).
The broad business adoption of cloud computing outside of software development and IT continues to remain strong. While IT, not surprisingly, at 63 percent is the single largest business unit that runs functions in the cloud, others such as finance (32 percent), marketing and sales (34 percent), customer service (34 percent), and operations (35 percent) are catching up in how many business functions they run within cloud-based environments.
As these enterprise adoption trends toward cloud, mobile, and IoT accelerate, so does the impact they each have on security spending. “Security spending tends to be driven by threat changes in the short run, business technology changes take longer to impact spend, and the increased use of cloud is having the biggest impact,” says John Pescatore, director, emerging security trends at the SANS Institute.
Javvad Malik, security advocate at AlienVault and former security analyst at 451 Research, adds that part of the trend underway includes using cloud, mobile, APIs, and data to improve customer experience in intuitive ways. As a result, IT security operating models have had to change, or adjust to take into account this new reality. Perhaps the biggest change this has incurred in is abstracting security controls from the technology and more importantly away from the customer,” Malik says.
How is this being done? Malik says through increased investments in monitoring, behavioral analysis, and awareness tools. “These allow businesses to continually innovate without security being a bottleneck - and security can keep an eye on the operations,” he says. The survey found 63 percent of enterprises are running IT services in the cloud, 62 percent are using managed security services, and just over half say they are currently using security analytics.
Sign up for CIO Asia eNewsletters.