Survey of RSA Attendees Shows General Security Readiness Lacking

By | March 11, 2013


Trapping thousands of security professionals in a room is a great way to gauge which way the industry winds are blowing.

At RSA, F5 Networks chose to harness this massive amount of infosec brain power to conduct a security trends survey. They posed two qualifying questions to booth visitors to ascertain whether these practitioners had any management responsibilities or sway over what security measures their organization implemented. Once they whittled down the pool, they asked the more than 150 qualified respondents five questions surrounding security trends.

Greg Maudsley, Sr. Product Marketing Manager at F5 Networks, told Security Bistro that the survey underscores what he has been hearing from customers and partners across the globe.

When asked what security trends were having the largest impact on their organization's ability to achieve an optimal level of security, 73 percent said virtualization, 72 percent cited the increasing complexity of threats (i.e. Distributed Denial of Service (DDoS) attacks) and 66 percent mentioned Bring Your Own Device (BYOD) -- and the threat associated with personal devices -- as a big concern, according to the findings. Respondents were able to provide more than one response from a series of multiple choice questions, hence the inflated percentages. The responses, though not scientific, provide some insight into concerns that other survey results have supported.

While virtualization was cited as the biggest threat, only 44 percent felt their enterprise was sufficiently able to handle the security risks associated with what Maudsley called the "webification of applications," which helps organizational productivity but provides new attack vectors for hackers.

But how prepared are these enterprises? Not very, according to the results. Only 48 percent said they had adequate protection against complex threats (like DDoS), while 49 percent said their safeguards were less than adequate when dealing with both insider threats AND the shift from data center focused infrastructure to cloud-based infrastructure.

BYOD, according to Maudsley, proved to be the biggest topic of discussion on the expo floor.

"It was surprising that although BYOD was the most prevalent security trend (75% of respondents are seeing it), only 66% feel it has the greatest impact on an organization’s ability to achieve the level of security it desires. We feel this 9% gap is due to some organizations having adopted legacy device-centric BYOD technologies which combine mobile device management with layer 3 VPN device connectivity," said Maudsley. "Although the device-centric approach is secure, it is heavy-handed for employees and creates unnecessary overhead for IT. By taking a more application and data-centric approach to BYOD, we feel more organizations will be able to effectively address personal devices on their networks while preserving the separation of corporate and personal apps and data, thus increasing productivity and reducing IT’s burden. We expect to see the gap widen next year as businesses use mobile application management and app tunnels to minimize the risks associated with this very prevalent trend."

Going forward, it would seem that IT security pros have their work cut out for them, especially considering the findings of some recent security jobs surveys.

A new report released last week by Burning Glass Technologies, a developer of intelligent job market technologies, portends some difficult times ahead for IT security recruiters. They found, based on a five-year study of cyber security job listings, that demand for these positions is growing at a torrid pace, 3.5 times that of the traditional IT profession AND 12 times faster than the overall labor market, making it hard for recruiters to fill the necessary slots.

The recent (ISC)² 2013 Global Information Security Workforce Study confirms this talent shortage and its impact on organizational readiness, finding that the "major shortage of skilled cyber security professionals is negatively impacting organizations and their customers, leading to more frequent and costly data breaches."

Not so, Maudsley told Security Bistro. He had a different take on these new studies, maintaining that this dearth of talent will lead to more innovation.

"The lack of experienced IT security professionals is helping drive organizations to simplify their application and access security infrastructure. Complexity and heterogeneity are the enemies of security," Maudsley told Security Bistro. "With them come more devices, more operating systems and more policies. This in turn leads to more vulnerabilities, more room for human error, and more experts required to deploy, configure, troubleshoot, and maintain systems. With fewer experts available to oversee such complex solutions, organizations are looking for more elegant ways to address their security concerns; providing security better, in a more automated fashion, with fewer devices and operating systems."
