This year, 2023, marks the beginning of a new age of data-driven transformation. Security and IT teams must scale to keep pace with the needs of the business and ensure the protection of any data, anywhere. Modern hybrid cloud landscapes present complex environments and daunting security challenges for the security and IT teams responsible for protecting data, apps and workloads operating across a heterogeneous landscape of data centers, hybrid clouds and edge computing devices. As the volume of data generated by IoT devices and systems grows exponentially, closing the IT security gap is proving to be elusive and frustrating.
The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, now in its third year, is sponsored by Hewlett Packard Enterprise (HPE) to look deeply into the critical actions needed to close security gaps and protect valuable data. In this year’s research, Ponemon Institute surveyed 2,084 IT and IT security practitioners in North America, the United Kingdom, Germany, Australia, Japan and, for the first time, France. All participants in this research are knowledgeable about their organizations’ IT security and strategy and are involved in decisions related to investment in technologies.
Security and IT teams face the challenge of managing operational risk without preventing their organizations from growing and innovating. In this year’s study, only 44 percent of respondents say they are very effective or highly effective in keeping up with a constantly changing threat landscape. However, as this research shows, there are strategies security and IT teams can implement to defend against threats in complex edge-to-cloud environments.
The IT security gap is not shrinking because of a lack of visibility and control over user and device activities. As the proliferation of IoT devices continues, respondents say identifying and authenticating IoT devices accessing their network is critical to their organizations’ security strategy (67 percent of respondents). However, 63 percent of respondents say their security teams lack visibility and control over all the activity of every user device connected to their IT infrastructure.
How high-performing teams are closing the IT security gap
Seventy percent of respondents self-reported that their organizations are highly effective in keeping up with a constantly changing threat landscape and closing their organizations’ IT security gap (9+ responses on a scale of 1 = not effective to 10 = highly effective). We refer to these organizations as “high performers”. In this section, we analyze what these organizations are doing differently to achieve a more effective cybersecurity posture and close the IT security gap, as compared to the 80 percent of respondents in the other organizations represented in this research.
As evidence of their effectiveness, high-performing organizations had fewer security breaches in the past 12 months that resulted in data loss or downtime. Almost half of respondents in other organizations (46 percent) say their organizations had between 7 and more than 10 incidents in just the past 12 months. In contrast, only 35 percent of high performers say their organizations had between 7 and more than 10 security incidents.
High-performing organizations have a larger IT security function. Fifty-four percent of high-performing organizations say they have a minimum of 21 to more than 50 employees in their IT security function. Only 44 percent of respondents in other organizations report the same range of employees in IT security.
High performers are more likely to control the deployment of zero trust within a Network as a Service (NaaS) deployment. Of those familiar with their organization’s zero-trust strategy, more high performers (36 percent of respondents) than others (28 percent of respondents) say their organization is responsible for implementing zero trust within a NaaS. Only 20 percent of high performers say it is the responsibility of the NaaS provider and 10 percent say a third-party managed service provider is responsible.
High performers centralize decisions about investments in security solutions and architectures. Sixty percent of high performers say either the network team (30 percent) or the security team (30 percent) is the primary decision maker about security solutions and architectures. Only 15 percent say both functions are responsible.
More high performers have deployed or plan to deploy the SASE architecture. Forty-nine percent of high performers have deployed (32 percent) or plan to deploy (17 percent) the SASE architecture. In contrast, only 39 percent of respondents in the other organizations have deployed (24 percent) or plan to deploy (15 percent) the SASE architecture.
More high performers have achieved visibility of all users and devices. High performers are slightly more confident (38 percent of respondents) than other respondents (30 percent of respondents) that their organizations know all the users and devices connected to their networks all the time.
Far more high performers are positive about the use of Network Access Control (NAC) solutions and their importance to proving compliance. These respondents are more likely to use these solutions for IoT security. Fifty-one percent of high performers say NAC solutions are an essential tool for proof of compliance vs. 42 percent of respondents in other organizations. Fifty-five percent of high performers vs. 38 percent of other respondents say NAC solutions are best delivered by the cloud.
High performers recognize the importance of the integration of NAC functionality with the security stack. Respondents were asked to rate the importance of the integration of NAC functionality with other elements of the security stack on a scale from 1 = not important to 10 = highly important. Sixty-two percent of high performers vs. 54 percent of other respondents say such integration is important.
High performers are more likely to believe continuous monitoring of network traffic and real-time solutions will reduce IoT risks. Sixty-two percent of high performers vs. 52 percent of other respondents say continuous monitoring of network traffic for each IoT device to spot anomalies is required. Forty-seven percent of high performers vs. 38 percent of other respondents say real-time solutions to stop compromised or malicious IoT activity are required.
High performers are more likely to require current security vendors to supply new security solutions as compute and storage moves from the data center to the edge. Forty percent of high performers vs. 30 percent of other respondents say their organizations will require current security vendors to supply new security solutions. Respondents in other organizations say their infrastructure providers will be required to supply protection (45 percent vs. 34 percent in high performing organizations).
High performers are more likely to require servers that leverage security certificates and infrastructure that leverages chips and/or certificates. The research reveals significant differences regarding compute and storage requirements. Specifically, high performers require servers that leverage security certificates to verify that the system has not been compromised during delivery (67 percent vs. 60 percent in other organizations). High performers are more likely to require infrastructure that leverages chips and/or certificates to determine whether the system has been compromised during delivery (64 percent vs. 56 percent in other organizations). High performers are also more likely to believe data protection and recovery are key components of their organizations’ security and resiliency strategy (58 percent vs. 50 percent in other organizations).
Conclusion: Recommendations to close the IT security gap
According to the research, the most effective steps to minimize stealthy or hidden threats within the IT infrastructure are the adoption of technologies that automate infrastructure integrity verification and the implementation of network segmentation. The research also reveals growing adoption of zero trust and Secure Access Service Edge (SASE) architectures to manage vulnerabilities and user access. Important activities for achieving a stronger level of IoT security, according to the research, are the continuous monitoring of network traffic for each IoT device to spot anomalies and real-time solutions to stop compromised or malicious IoT activity.
Other actions to be considered in the coming year include the following:
- Require servers that leverage security certificates and infrastructure that leverages chips and/or certificates.
- Invest in having a fully staffed and well-trained IT security function. Such expertise is critical to ensuring data protection and recovery are key components of an organization’s security and resiliency strategy. A lack of skills and expertise is also the primary deterrent to adopting a zero-trust framework.
- Consider centralizing decisions about investments in security solutions and architectures, as high performers in this research tend to do. A concern of respondents is the inability of IT and IT security teams to agree on the activities that should be prioritized to close the IT security gap. This concern is exacerbated by siloed or point security solutions in organizations.
- Deploy Network Access Control (NAC) solutions to improve IoT and BYOD security. These solutions support network visibility and access management through policy enforcement for devices and users on computer networks. NAC solutions can improve visibility and verify the security of all apps and workloads.