InformationWeek Reports (http://reports.informationweek.com), a service provider for peer-based IT research and analysis, released 2012 Strategic Security Survey: Pick the Right Battles, a new report featuring results from InformationWeek’s recent poll on IT security trends and strategies. The report informs IT professionals on areas critical to information risk management and provides strategies for handling security challenges. More than 900 business technology professionals at organizations with 100 or more employees responded to the survey.
Research summary: Fully half of the 946 respondents to InformationWeek’s 2012 Strategic Security Survey cited identity and password management as the most valuable security practice, a significant finding because access control is the most important security process in every organization, yet very few security teams spend enough time on it.
- 52% of respondents report that managing the complexity of security is their biggest challenge, followed by enforcing security policies (39%) and preventing data breaches from outside attackers (34%).
- 25% say smartphones and tablets represent a significant threat to security, with loss or theft their greatest concern when it comes to mobile devices.
- 29% conduct their own risk assessments of cloud providers, up from 18% in 2011.
- Just 33% invest in a secure software development life cycle; of those using SDLC, 33% find it very effective.
The report author, Michael A. Davis, is the CEO of Savid Technologies, a technology and security consulting firm based in Chicago, and an InformationWeek Reports contributor.
“When it comes to security and risk management, it’s tempting to try to address everything, but a more effective approach is to focus on the most likely threats,” says Lorna Garey, content director of InformationWeek Reports. “Implementing better access control, vetting cloud providers, safeguarding mobile devices, educating users and building more secure software should be on every company’s security to-do list.”