Earlier this month, I blogged about what our global online survey respondents said were the primary security drivers in their organizations and IT's new business imperative of protecting brand reputation through better security practices. In my third and final post on our survey findings, I thought I'd borrow a page from Cuba Gooding Jr.'s book in Jerry Maguire and "Show (you) the money!" The 450+ IT professionals responding to our Protect What Matters — Data Security survey shared where they plan to allocate their budgets in the coming 12 months as they embrace newer IT trends like Big Data, Cloud, BYOD and mobile security.
Our survey results showed that 42% of IT security budgets are increasing, and at least 39% maintaining their current spend levels. Personally, I suspect that over 90% will see their budgets either stay the same or increase because a full 13% of the survey participants said they did not know whether their IT security budgets would be increasing or not. Only 6% reported budget cuts.
As for "where" enterprises are allocating their IT security budget dollars in the coming year, our respondents identified server encryption as one of the focal points for investment. According to Verizon's 2012 Data Breach Investigation Report, fully 94% of cyber attacks involve server data, so protecting that server data as close to the source as possible makes enormous business sense in an age of increasingly sophisticated cyber attacks.
The core elements of a well-considered data-centric security strategy include encryption and key management, strong access control policies, log management, and database audit and monitoring (DAM) solutions to identify unusual usage patterns that may represent an advanced persistent threat (APT) attack, compromised accounts or malicious insiders. Two of the primary areas our respondents identified for investment in 2013 were server encryption (40%) and log management (33%) and DAM (33%).
From the conversations I had at our annual Customer Council meeting this week, I wholeheartedly believe that adopting data security best practices as a means of protecting the brand is going to gather even more momentum in the coming months and years. Of course, it's possible I may be biased. What role do you think data security will play in brand management?