Will $1 trillion in cybersecurity spending be undone by complexity?

Outdated security measures are currently struggling against rising threats, though the right investments and security strategies can easily rectify this.

The consensus is clear: cybersecurity is a major challenge and key budget priority for businesses. According to the Cybersecurity Market Report, worldwide spending on cybersecurity will top $1 trillion for the five-year period from 2017 to 2021. A recent global survey by Citrix and the Ponemon Institute found that 98% of businesses will spend at least $1 million in the coming year on security. But how much good will all this investment do if organizations remain vulnerable to rising cybercrime and can’t keep pace with disruptive technologies or compliance challenges?

Traditional security reaches the breaking point 

The Citrix-Ponemon study paints a stark picture of the failure of traditional security approaches to reduce risk in a fast-changing world. The chief culprit: complexity. Organizations today are more dynamic than ever, reshaped by mergers, acquisitions, expansion and contraction, and also more fluid, as partners, contractors, consultants and outsourcing providers become integrated into core business functions. At the same time, IT trends like bring-your-own-device, cloud services, shadow IT and line-of-business control over provisioning have transformed the enterprise environment. These practices can drive considerable business value—but they also pose tremendous new challenges for security. A full 83 percent of survey respondents said that the complexity of business and IT operations leaves them vulnerable.   

Legacy security infrastructure may have served adequately in the days of corporate-owned, desktop-bound endpoints, when access to resources was limited to enterprise networks, but device security and a hardened perimeter simply aren’t enough to ensure effective protection anymore. As a result, organizations report a litany of critical security gaps:   

  • 64 percent of survey respondents reported that they have no way to reduce the inherent risks of unmanaged data
  • 71 percent are unable to control employees’ devices and applications
  • 76 percent consider the integration of third parties into internal networks and applications to be a huge risk factor
  • Only 48 percent have security policies in place to ensure that employees and third parties only have the appropriate access to sensitive business information

IT leaders have few illusions about the effectiveness of the technologies they’ve turned to in the past. Seventy percent of survey respondents had made security investments they’ve been unable to deploy, and the same number report being stuck with existing security solutions that are outdated and inadequate.   

Personnel issues also play a role. Businesses need skilled staff to plan how they’ll reduce risk and improve the security of apps and data, and 72 percent of those surveyed said that an improvement in staffing will improve their overall security posture and reduce risk. However, only 40 percent were successfully hiring knowledgeable and experienced security practitioners. This is understandable; the talent pool is small and hiring is intensely competitive. Still, if you can’t fully staff your existing security strategy, it’s time to evolve a new one—fast.   

Spending more—or spending smarter?   

It’s clear that more effective security solutions are urgently needed; if existing investments are falling short today, how will they fare as new technologies further transform the enterprise environment? Indeed, 65 percent of respondents believe that an improvement in technologies will improve their overall security posture and reduce risk. 

To avoid seeing even more budget go to waste while leaving the business at risk, it’s essential to understand that security isn’t about spending the most money—it’s about spending the right money. The first step is to recognize why traditional approaches have proven ineffective. Add-ons designed to secure a single entry point or data store only add complexity and address only point problems, leading to an unmanageable patchwork that inevitably leaves gaps and can’t hope to keep up with fast-evolving threats.   

Today, we need solutions that can protect against familiar threats and keep up with new and emerging threats to sensitive business and personal information—all without undermining productivity or impeding legitimate access. That means going beyond point solutions and adopting a holistic approach based on a more flexible IT security framework—one that extends beyond traditional fixed endpoint security approaches to deliver threat detection and protection of apps and data at all stages, in use, in transit and at rest, no matter where they’re used, on any device.

From point solutions to infrastructure-level security 

To encompass data and apps in all usage scenarios and keep them out of reach of malicious actors, the new security mindset must go beyond point solutions and focus on IT infrastructure itself. At the product or solutions level, this means virtualization of applications, desktops and networks; centralization of data to avoid exposure to risk on endpoints; and layered security on data sources to control access. When security is built into the core technologies that power the infrastructure, security becomes both simpler and more flexible, and IT can maintain protection even as data and applications are used in new ways.   

A more secure infrastructure also helps mitigate the impact of the talent shortage. Instead of trying to out-staff your security challenges—a doomed effort in a tight employment market—you can get more out of your available staff through measures like centralization and automation. Emerging technologies like machine learning and the Internet of Things (IoT) can help protect against both old and new threats, using pattern recognition to stop threats that may not have been identified yet. Measures like these make it possible for even an IT practitioner with no particular security expertise to play an effective role protecting data and applications.   

As the Citrix-Ponemon study shows, this is a perilous time for businesses, as outdated security measures struggle to hold against rising threats—but the right security strategy and investments can change the picture quickly. By building security into the very DNA of IT infrastructure, organizations can stop wasting money on ineffective point solutions while better protecting their customers and their own sensitive business information. At that point, the organization is better prepared for anything the future brings—with a way to ensure secure application and data delivery no matter what new threats arise, and no matter what new opportunities the business chooses to pursue.

Tim Minahan, Senior Vice President & Chief Marketing Officer, Citrix 

ABOUT THE AUTHOR

Tim Minahan is SVP and CMO at Citrix, where he leads global marketing strategy and operations for the company’s vision of securely delivering the world’s most important apps and data to enable people and businesses to work better.