Although 71% of respondents think that security should be equally, or even more important than business flexibility, users just find backdoors to do their job
Balabit, a leading provider of contextual security technologies, today unveiled the results of its pan-European survey into the current state of IT security.
The survey looked at how organizations balance IT security and business flexibility; whether they choose to be more secure by implementing additional controls that might hinder productivity or prefer to have flexible business operations. It also looked at how a promising business opportunity changes the game.
Balabit asked 381 IT executives, CIO’s, CISO’s, auditors and other IT professionals including but not limited to the UK, France and Germany, about their thoughts on IT security and business flexibility. When asked about their preference if they need to choose between IT security and business flexibility, 71% of respondents said that security should be equally or more important than business flexibility.
What happens when money comes into the picture?
The same people were asked if they would take the risk of a potential security threat in order to achieve the biggest deal of their life. In this situation security just goes out of the window with 69% of respondents saying they would take the risk, while only 31% said they would not.
“These results show that organizations have a long way to go to balance security and business” said Zoltán Györkő, CEO at Balabit. “They demonstrate that while security overload may be tolerated during normal business, when it comes to big deals the respondents would not hesitate to bypass security to win business. It is important that this is recognized as an issue and dealt with accordingly.”
In order to provide a healthy balance of IT security and business flexibility in practice, organizations require IT security solutions that do not impose onerous processes on users. When processes are bypassed by an insider, or indeed by someone that has gained fraudulent insider access, there is an escalated risk of privileged account misuse.
According to the latest Ponemon Institute Research criminal insiders cause the most data breaches. Because insider misuse cannot be spotted by existing control based security tools, a different approach is required.
“The survey shows that security strategies must take into account human behavior” continued Györkő. ”Today’s static control solutions can only go so far. Security teams must have visibility of the context of user actions to be able to respond effectively, and any additional tools must be transparent to the business workflow. We believe that a monitoring based approach that enables companies to respond to suspicious activities in real time can make IT security more business friendly; that is why we developed our Contextual Security Intelligence Suite.”
[su_box title=”About The Survey” style=”noise” box_color=”#336588″]BalaBit surveyed 381 conference attendees at the EIC (European Identity & Cloud conference 2015) in Munich, InfoSecurity in London and Moscow, Les Assises in Monaco, Confidence and IDC Security Roadshow in Poland. IT executives, auditors, CIOs, and CISOs participating in this survey represented organizations including the telco, finance, government and manufacturing sectors.[/su_box]
[su_box title=”About BalaBit” style=”noise” box_color=”#336588″]
Balabit’s Contextual Security Intelligence™ Suite protects organizations in real-time from threats posed by the misuse of high risk and privileged accounts. Solutions include reliable system and application Log Management with context enriched data ingestion, Privileged User Monitoring and User Behaviour Analytics. Together they can identify unusual user activities and provide deep visibility into potential threats. Working in conjunction with existing control-based strategies Balabit enables a flexible and people-centric approach to improve security without adding additional barriers to business practices.
Founded in 2000 Balabit has a proven track record including 23 Fortune 100 customers amongst over 1,000,000 corporate users worldwide.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.