F5 Networks 2013 RSA Security Trends Survey
March 4, 2013 No Comments
Survey Overview
On Tuesday, February 26, F5 Networks conducted a survey on the exhibit show floor during RSA 2013. Conference attendees were asked two initial qualifying questions about their role within their organization and how much their job involves the management and implementation of security to ensure the validity of the survey results. More than 150 qualified respondents were then asked a total of five questions surrounding security trends.
The survey revealed that organizations are struggling to keep pace with the changing face of security. Virtualization, BYOD and shifts in IT infrastructures and applications along with the complexity of attack types are driving new threats. IT admits that these threats are beyond the scope of traditional safeguards. As such, IT reports that their general security readiness is subpar.
KEY FINDINGS
Security is changing, from the type of threats to those driving the threats.
When asked what security trends have the greatest impact on an organization’s ability to achieve the level of security it desires, respondents answered:
- * Virtualization (73 percent)
- * The increasing complexity of threats (ex: Distributed Denial of Service attacks) (72 percent)
- * BYOD (use of employee-owned devices such as smart phones for business use) (66 percent)
- * The change in the bad guys (from hackers to espionage and political motivation) (62 percent)
- * The shift from data center focused infrastructure to cloud-based infrastructure (61 percent)
- * The shift from traditional client-server applications to web-based applications (60 percent)
Importantly, these trends are quite common in the respondent’s organizations. In fact, between 58 and 75 percent of all organizations are seeing these trends:
- * BYOD (use of employee-owned devices such as smart phones for business use) (75 percent)
- * Virtualization (74 percent)
- * The increasing complexity of threats (ex: Distributed Denial of Service attacks) (66 percent)
- * The shift from data center focused infrastructure to cloud-based infrastructure (66 percent)
- * The shift from traditional client-server applications to web-based applications (64 percent)
- * The change in the bad guys (from hackers to espionage and political motivation) (58 percent)
Threats are moving beyond the capability of traditional security safeguards.
There are a wide range of IT trends that are making security more complex. Below are the percentages of respondents who felt traditional safeguards were less than adequate in protecting against threats caused by a variety of current IT trends:
- * The shift from traditional client-server applications to web-based applications (44 percent)
- * The shift from data center focused infrastructure to cloud-based infrastructure (49 percent)
- * BYOD (use of employee-owned devices such as smart phones for business use) (45 percent)
- * Increased external threats (Spam and Malware) (39 percent)
- * Increased pace of patches issued for OS and applications (39 percent)
- * Increasing complexity of threats (ex: Distributed Denial of Service attacks) (48 percent)
- * The change in the bad guys (from hackers to espionage and political motivation) (47 percent)
- * Increasing insider threats (49 percent)
- * Expanding complexity of SSL certificate management (53 percent)
BYOD is seen as critical in an organization’s ability to achieve the level of security it desires, yet organizations are not taking the appropriate steps to address it.
- * Most (75 percent) see BYOD as being prevalent in their organization
- * Furthermore, two-thirds (66 percent) see BYOD as having a somewhat to extremely high impact on security
- * Despite this, fully one-third (35 percent) say they are not prepared to provide adequate security to protect against threats associated with BYOD
Organizations are unprepared to properly address the shift to web-based applications, and to cloud-based infrastructure.
- * 64 percent of respondents see the shift to web-based applications as a security trend, yet 37 percent of respondents’ organizations are not providing adequate security to protect against potential threats
- * 66 percent of respondents see the shift to cloud-based infrastructure as a security trend, yet 49 percent of respondent’s organizations are not providing adequate security to protect against potential threats