The bad guys are pretty relentless. It doesn’t really make sense to rely on security measures that are only periodic or validate security at a given point in time. You need to use continuous monitoring and continuous security to be consistently vigilant against potential threats:
Defending data isn’t easy. If it were, we wouldn’t see new data breach headlines on a weekly—or sometimes even daily—basis. That said, defending data also isn’t rocket science. A new report from Nuix highlights some of the major concerns with protecting data, and also illustrates some of the ways in which consistent vigilance is half the battle.
The Nuix report, compiled by principal researcher Ari Kaplan, covers a broad spectrum of concerns related to data security. Some of the key findings from the report include:
- Increased granularity of security budgets: Respondents report there is a growing trend to specify how the security budget should be broken down and allocated.
- Regulatory impact on spending has doubled: Government and industry compliance mandates continue to take a sizable bite out of security budgets.
- Greater focus on insider threats: More than 70 percent of respondents have some sort of insider threat policy or program.
- BYOD continues to play a role in security: 82 percent of respondents have some sort of BYOD (bring your own device) policy in place. A growing number of companies, however, are prohibiting remote access by employees.
- Cloud adoption slowing: According to the study, about 70 percent of companies are migrating data to the cloud—a number consistent with the previous year—but fewer companies are moving systems or servers to the cloud. More than four out of five respondents agreed that the cloud creates unique cybersecurity concerns, and only 43 percent indicated plans to move systems or servers to the cloud.
What sorts of unique security concerns does the cloud bring? According to the survey respondents, there are a variety of potential issues, such as:
- losing visibility into the management of data
- being at the mercy of the cloud provider’s security skills
- reduced control over access to data; and
- confusion about the privacy/legal issues when a government or law enforcement agency wants to access data.
Read the full post on DevOps.com: Continuous Security Key to Defending Your Data Well.