“The Need for a New IT Security Architecture: Global Study”
As we’ve seen from the last year’s headlines, cyber attacks happen by the minute, and in our industry on the whole, they’re not being handled adequately. To get a better view of why that is, we teamed up with the Ponemon Institute to find out what’s holding up businesses from appropriately addressing security issues.
As a company that holds security near and dear to its heart, Citrix wanted to get to the bottom of this and prove that a new security infrastructure is needed. Here’s what we found and how businesses can take smarter steps to protect their most sensitive information — even while threats are on the rise and more employees are going around security practices and policies because they’re too complex.
While cyber attacks over the last 18 months have drawn a significant amount of attention to security, we still have a long way to go in teaching employees about security best practices, sharing information among the intelligence community, and with bringing security infrastructures up-to-date. The demand for devices and anytime, anywhere access often trumps security fears these days. No one can afford to assume that a device or a network is inherently safe. Our survey found that:
- Eighty-three percent of respondents say their organization is at risk for security breaches because of the complexity of business and IT operations
- Seventy-four percent of businesses say a new IT security framework is needed to improve security posture and reduce risk
- Seventy-nine percent are worried about security breaches involving high-value information
Business and IT complexity are leading to more employees circumventing security policies and sanctioned apps. Bottom line, if it’s too complex, employees will find a way around it in order to do their jobs effectively and according to their own preferences.
So, how do we get back on track and get employees to follow the security rules? In short: virtualization, containerization, enterprise mobility management and visibility. Containerization affords employees anytime, anywhere access on their device of choice while still protecting any apps and data accessed. Virtualization allows for information to be delivered at the pixel level, ensuring it doesn’t leave the data center. Combined, using these can significantly reduce the available attack surface, since information is delivered only via the secure channel and can be revoked or removed at any time. Another way to keep apps and data under your control at all times is to implement strict identity and access management protocols to establish trust and grant contextual access based on device, location, and network, while increasing visibility into your system for better system logging and to give IT a single-pane-of-glass view. Without it, your business will be stuck in the dark ages as more new technologies surface in the workplace.
Security fears will continue to be a barrier to adopting emerging technology
Our survey found that businesses aren’t prepared for the security risks brought by emerging technologies like IoT. According to the results:
- Seventy-five percent say their organization is not fully prepared to deal with the potential security risks resulting from “Internet of Things”
- Seventy-one percent say there is risk from their inability to control employees’ devices and apps
- Seventy-three percent say data management, seventy-two percent say configuration management, and seventy-two percent say app management are the keys to reducing the security risk over the next two years in building a new IT infrastructure.
These security fears around emerging technology have certainly bubbled up this past year, coupled with several attacks that made headlines – only increasing fears. However, it is often the simplest of security tricks that can make adopting emerging tech easier. The ABCs of security can’t be ignored just because users feel they need the device and that it should come with all the fancy security features and capabilities already turned on. In reality, it’s the user or the IT department’s job to turn these features on. In a global security framework, SecOps teams need to make sure these features are compatible with company policies, strictly enforced and that a monitoring and response system is in place should a threat surface occur – internal or external. Change devices or hardware passwords immediately, give devices that aren’t as hardened their own network, implement identity management over access permissions to strengthen your security posture and, above all, educate your workforce about safe security practices – especially when new devices come out, or when a vulnerability or patch is discovered. Emerging technology doesn’t have to be scary. We can learn from mistakes made with cloud computing and reduce attack surfaces before it’s too late.