The biggest challenge for organizations is prioritizing, understanding and addressing vulnerabilities in a business context, according to an AlgoSec survey conducted during RSA Conference 2014. Almost all respondents believe that business stakeholders should “own the risk” of their critical applications.
Convoluted security processes threaten productivity and lead to outages
Nearly two-thirds of respondents reported that manual processes, limited visibility into security policies and poor change management practices posed the greatest challenge when managing network security devices. Almost 20 percent of respondents raised the issue of poor communication among key stakeholders across development, security and operations groups, an 80% increase from last year. The inevitable mistakes that arise in this environment create consequences for a growing number of organizations: more than 80 percent experienced network or application outages as a result of out-of-process changes, up from just over half in 2012.
Insiders continue to pose the greatest risk, but third party vendor security raises significant concerns
Nearly three-quarters of organizations rated accidental data leakage or malicious behavior by insiders as their number one risk, up from less than two-thirds last year. Also, half of respondents who outsource management of security controls or sensitive information were less than confident in their provider’s ability to provide protection.
Pace of cloud adoption picks up, despite concerns about connectivity and security
Last year one in five organizations expected to move more than 40% of their business applications to the cloud; this year more than 15% already use cloud hosting for the majority of their applications. While the advantages have three-quarters of organizations using cloud hosting to some degree, three out of five still worry about ensuring application availability and security with off-site data centers.