
Security Trends and Strategies for our Complex Digital World

by Mike Orosz, Director, Threat and Investigative Services, Citrix

You don’t need a research analyst to tell you how complex IT security is getting—you experience it every day. But the latest stats can be useful nonetheless, providing insight and nuance to understand the nature of the challenges and how best to address them. As a trusted security resource for our customers, it’s part of our role at Citrix to provide the information you need to develop the right security strategy for your business—manageable, cost-efficient and, most importantly, durable and reliable for the long term.

 In this spirit, this blog presents a wealth of research findings and analysis that Citrix invites you to consider and use in your written material such as blogs, whitepapers, etc. Read, explore, share, ponder—it’s all valuable material to help you protect your organization in the digital era. Our only ask is that you cite Citrix with the following reference when you use these stats: “The Need for a New IT Security Architecture: Global Study from Citrix and the Ponemon Institute.” Now please read on and enjoy!

Cloud, mobility, BYOD, IoT, GDPR—help!

A recent global survey conducted by Citrix and the Ponemon Institute (The Need for a New IT Security Architecture: Global Study on the Risk of Outdated Technologies) reads like a litany of pain for everyone involved in IT security. Organizations today are more dynamic than ever, expanding, contracting, merging and acquiring to adapt to changing business needs. The enterprise workforce has expanded to encompass partners, contractors, consultants and service providers, making unified IT control more elusive than ever—while BYOD means that IT can’t even count on full control over the devices used by the company’s own employees. Mobile devices roam across locations and networks, generating security risk every step of the way.

As if user devices didn’t pose enough of a security challenge, Gartner reports that 43 percent of enterprises will adopt IoT as part of their business operations by the end of this year, bringing all kinds of new connected devices into the environment. The Citrix-Ponemon survey found that 75 percent of IT, CISO and business executives report that their organization is not fully prepared to deal with the security risks posed by IoT. They’d better come up to speed fast—experts predict that 2017 will see further DDoS attacks via unsecure IoT devices as well as the rise of IoT ransomware. 

And it’s not just ransomware and other malicious threats that are evolving at dizzying speed. The compliance requirements coming online over the coming year make the rules we’ve already been following seem like kid’s stuff. Have you come to terms with the European Union’s General Data Privacy Regulation (GDPR) yet? If your organization works with even a single customer or individual in the European Union, GDPR will be a very big part of your life for the foreseeable future. Want to get ahead of it? This infographic provides a high-level roadmap.

Complexity kills security

All this complexity is having a dramatic impact on the security profile of enterprises. (If you’re getting demoralized, hang in there—the “what you can do about it” part of this blog is coming soon.) A full 83 percent of survey respondents said that the complexity of business and IT operations leaves them vulnerable. For example:

It’s no exaggeration to say that gaps like these can pose an existential threat, leaving organizations one lapse or breach away from a nightmare of regulatory fines, bad PR, lost customers, damaged business relationships, disrupted operations and more. These days, the security stakes couldn’t be higher [infographic].

Stop investing in yesterday’s architecture

IT leaders aren’t taking the danger lying down. According to the Cybersecurity Market Report, worldwide spending on cybersecurity will top $1 trillion for the five-year period from 2017 to 2021, while the Citrix-Ponemon survey found that 98 percent of businesses will invest at least $1 million in the coming year. But if they’re buying the same kind of solutions as they have been, it’s not going to do them much good. Seventy percent of survey respondents had made security investments they’ve been unable to deploy, and 69 percent report being stuck with existing security solutions that are outdated and inadequate.

 Security professionals do recognize the need for better tools—65 percent of respondents believe that an improvement in technologies will improve security and reduce risk. But what kind? More and more point solutions will only increase complexity and fragmentation while inevitably leaving gaps. What’s needed is a new security architecture designed for the way people and organizations work today.

 To maintain security in every scenario—every device, every network, every user, every resource—you need a holistic framework that protects apps and data at all stages, in use, in transit and at rest, no matter where they’re used, on any device. That means building security into the DNA of your IT infrastructure, implemented through technologies including the virtualization of applications, desktops and networks; data centralization; and layered security on data sources with contextual access policies that allow the right level of usage based on the user’s current profile and situation. This kind of approach can let you simplify and streamline from the 30 – 40 security technologies in place at many businesses to more like three or four—while actually improving protection.

The millennial effect (and boomers and gen-Xers)

While we’re talking about security architecture and technologies, it’s important not to forget the human factor. A staff loaded with security ninjas would obviously help, but that’s an impossible dream in today’s tight talent market; while 72 percent of those surveyed said that an improvement in staffing would improve security, only 40 percent were successfully hiring knowledgeable and experienced security practitioners. You’re going to have to look to your broader enterprise workforce for answers. The first step is to understand who you’re dealing with—and their impact on risk.

 We hear a lot about millennials these days, but keep in mind that the enterprise workforce is still well-stocked with gen-Xers and baby boomers as well. The diverse behaviors of these groups have direct implications for your approach to security. Consider:

 Part of IT’s mission is to empower users of all types to work productively without undermining security. We recommend a complete approach based on five essentials:

You can learn more about security for the multi-generational workforce in this blog, “All Generations, All Risks, All Contained: A How-To Guide.”

Yes, security poses a daunting challenge in our changing world. But it’s not insurmountable. In fact, the right approach can make security simpler than ever—as well as more comprehensive and effective. Citrix is here to help. To explore further, you can start by visiting our Citrix.com/secure page.

Mike Orosz
Director, Threat and Investigative Services, Citrix
