A significant number of challenges lie ahead for companies that want to protect their data and assets from security and privacy violations. However, confidence levels and planned projects show that respondents and their organizations feel up to the task and are generally comfortable with the tools and practices at their disposal. Outsourcing of security functions, where used, can greatly assist in these efforts by giving IT staff more opportunities to protect the organization rather than performing rote or low-level tasks.
In contrast to results reported in our 2013 survey, both small and large companies alike are now improving their IT security controls. Large scale companies were decreasing budgets then, but few organizations of any size are doing so now - even with outsourcing and better security programs in place.
Information assurance and risk management were key company initiatives in the 2013 survey. Information assurance remains a priority but has been supplanted by internal and external threat monitoring/detection, which are seen as more urgent tasks in today’s security landscape.
Security operations in 2015 will continue to focus on risk management and gaining control over environments so that threats can be identified and blocked in real-time (or better yet, potential violations can be closed off before any sign of trouble occurs).
Lack of employee awareness and BYOD management still remain some of the most consistently highest-ranked security challenges, and it is clear this is an urgent priority to which all companies should attend. Training and employee awareness will be a key factor for organizations that wish to stay ahead of the curve. As is often the case in business, a blend of human and technological efforts will be the recipe for success in securing companies.