Brian Honan, CEO at Dublin, Ireland-based BH Consulting, agrees. "A greater adoption of cloud computing for enterprise applications and projects is the first reason," Honan says. "This is moving many large IT projects away from being solely IT budget items to items shared with business units," he says.
But data need to be comprehended to be useful. "The issue is not how much data you are getting, or how you look at data in new ways, but how effective is the information you get and how can you act on it? Pretty visualizations and pie charts don't protect your systems. Good actionable information does," says Honan.
One thing is certain: as more data is spread through on-premise clouds, mobile devices, and third-party providers, CISOs are going to need all of the information they can get their hands on about how their data are being used, who is accessing them, and where they're going.
The rush to data-driven security
Perhaps the rising costs of breaches, the increasingly high profile of information security, and better insight from security-related data will have a positive impact on how enterprises successfully defend and respond in the years ahead. Many certainly are pinning more on increased insight through data. This year (the first time the survey question was asked), 64 percent of respondents reported that they use big data analytics to improve their security programs. And for those that do use big data analytics, 55 percent said that it can help in detecting incidents.
Malik isn't convinced that those results are reflective of the real-world use of big data analytics -- certainly not as it's broadly defined. It's clear, however, that businesses of all sizes are using data more. They are reading their logs more. They are turning to their security information and event monitoring tools, and they're looking at the data they are collecting in a more intelligent way.
Given that broad definition of security analytics, it's accurate to contend that many would place anything from basic log analysis to intrusion-detection event alerts, up through sophisticated big data analytics, under the umbrella of "security analytics." Yet Rothman argues that most enterprises heading down this path have yet to reach a level of maturity where their security data analytics efforts are improving their operational effectiveness. "I just don't think that many of these companies have figured out how to leverage those data more effectively. But they are certainly trying. That is clearly an area of increased investment in the industry," says Rothman.
Doing data right
How do enterprises do better with data? The solutions are straightforward, but not necessarily simple. "There are two approaches to figuring out what is happening in your environment. One is threat modeling. You determine what your valuable data are to potential adversaries. Determine the ways those adversaries could potentially get to those data. When that's complete, build a threat model around it and enumerate the monitoring analytics that are in place to look for those specific attacks," says Rothman.