Data infrastructure optimization, availability & security software
Data integration & quality software
The Next Wave of technology & innovation

Key Data Points from Syncsort’s Annual Security Survey – Part 1

This article on Syncsort’s Annual Security Survey was originally published in Enterprise Tech Journal. Part one of this two part post covers IT priorities, top security challenges, regulatory requirements, and confidence in a security program.

In 2018 we saw multiple security regulations become effective – most notably the European Union’s General Data Protection Regulation (GDPR). As a result, businesses already grappling with increasingly sophisticated cybersecurity attacks now must contend with additional regulatory requirements.

To check the pulse of IT teams managing security, Syncsort surveyed over 300 IT professionals on the state of security in their organization – and it’s not surprising that the “growing complexity of regulations” was ranked as the #1 security challenge for 42% of the respondents in the year ahead.

The survey included IT professionals who are familiar with the IBM i platform to understand their top challenges, strategies, technologies, and best practices regarding the security of that environment and the business-critical applications and data that reside upon it. Not surprisingly, the results for organizations with IBM i systems closely mirrored those with other systems including IBM z. We hope the results will be illuminating to all IT professionals who will be administering or otherwise overseeing security at their organization during 2019. Here are the IBM i specific results (see figure 1).

Annual Security Survey
Figure 1: Participants in the survey represented a range of industries including government & public safety, education, financial services and healthcare, with 60% at companies with 500 or more employees.

IT Priorities

Perhaps it’s not surprising that security is the most frequently reported IT priority among all respondents for the coming year (see figure 2). The increasing sophistication of attacks and the expanding number of compliance regulations have many companies giving added attention to security. In fact, IDG in a recent CIO magazine poll revealed that the technology category expected to see the largest budgetary increase at companies during 2019 is cybersecurity. The results of the same survey cited 83% of CIOs as saying that security breaches could have an impact on their organization during the next 12 months—a rather sobering statistic.

Figure 2: The growing number and sophistication of cyber-attacks and the increase in government regulations made security the top IT priority for 2019.

Top Security Challenges

When respondents were asked their top three security challenges, the results were diverse, with many you might expect at the top of the stack. “Growing complexity of regulations” (25%) and “Increase in sophistication of attacks” (16%) are two of the top concerns, which perhaps isn’t surprising. Topping the list, “Adoption of cloud services” (26%), is reflective of the statistic in the previous section that shows cloud computing to be among the top IT priorities during the coming year. A company’s utilization of cloud services certainly comes with its own unique security challenges. Beyond the cloud, the chart points to similar challenges associated with securing data that exists outside the snug confines of the IBM i—for instance, “Data being increasingly distributed” (23%) and “Securing data from new internal/external sources” (20%). Not far down the list are other challenges related to staff, budget, training, and complexity.

The Essential Layers of IBM i Security

Regulatory Requirements

As indicated in the previous section, the growing complexity of compliance regulations was cited as the second biggest challenge related to IT security. Underscoring this is the fact that 34% of respondents said in another of our survey questions that within the past three years their organizations became subject to one or more new government or industry regulations that include cybersecurity requirements (see figure 3).

Given the industries corresponding to common verticals running IBM i, it certainly makes sense that SOX, HIPAA, and PCI-DSS are among the regulations most cited as affecting the companies of respondents. Near the top is also GDPR, a regulation that went into effect for many companies during 2018. The number of companies needing to comply with GDPR is large because it affects most companies that do business in the E.U. and/or keep data on E.U. citizens.

Most regulations keep evolving to address new threats—thus the concern about their growing complexity—and there’s likely to be no slowdown in the rollout of new laws. New York just launched strict new data protection regulations (23 NYCRR 500) that affect financial services companies operating in the state, and other states are threatening to follow suit. The California Consumer Privacy Act goes into effect in 2020 and will compel companies there to protect sensitive consumer data in similar ways to GDPR. And there is talk in Washington, D.C., of possible legislation at the national level to address data protection and privacy concerns.

Figure 3: SOX, GDPR, HIPAA and PCI-DSS were the most common regulations organizations must comply with. Note that only the four most frequently selected regulations are shown above. In addition, this was a select-all-that-apply question; therefore, the results don’t total to 100%.

Confidence in Security Program

When looking at the level of effectiveness of corporate IT security programs across survey respondents, at first glance it appears confidence levels are fairly high with 84% saying they are either very confident (30%) or somewhat confident (54%) (see figure 4). However, the large percentage of those in the “somewhat confident” category is a possible cause for concern. In light of increasing security challenges and the enormous cost and disruption of a breach, it begs the question, is being somewhat confident sufficient? The security survey data that’s covered in the following pages of this article, particularly around the occurrence of breaches and the frequency/type of security audits, is revealing in this regard as it points to a possible disconnect. 

Annual Security Survey
Figure 4: Most (84%) respondents were very or somewhat confident in the organization’s security, but much more were somewhat confident than very confident. Is that good enough? In fact, further results show an interesting relationship between confidence and the number of breaches and frequency of security audits.

Take a look at part two where we cover security breach impacts, the frequency and effectiveness of security audits, present and future investments in security, and some recommendations on areas to strengthen.

For more on security, make sure to check out our white paper on The Essential Layers of IBM i Security.

Related Posts