Top 3 Security Threats Facing CIOs

David Cramer, Vice President Data Center Automation & Cloud Management, BMC  

Security is top of mind for most executives, but deciding which key issues to tackle first is a hefty decision with significant consequences. BMC and Forbes Insights conducted a survey with more than 300 C-level executives in North America and Europe. A resounding 97 percent of the executives expected a rise in data breaches. Compliance is also high on the priority list: 53 percent said it’s important or critical to address the increase in the volume and complexity of regulatory compliance requirements this year.

The research validates the hypothesis that in order for an enterprise to successfully police, audit, and enforce security protocols, there needs to be a significant partnership between security and operations teams and a consistent and automated way to identify, prioritize, and fix threats. The survey distilled the cacophony of issues down to these key security threats:

1. Misalignment between Security and Operations
Security and Operations efforts determine an enterprise’s security strength, but the goals and priorities of the two teams are often disconnected. The Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) are focused on keeping their organizations secure. They define security policies, adopt new technology to support their strategies, and continuously monitor and audit. According to a senior principal analyst of a strategy group, “The security team identifies vulnerable systems, but it isn’t necessarily their job to address those vulnerabilities. They throw the problem over the wall to the operations team.”

Operations managers and their staffs focus on keeping the business productive and competitive. They need to ensure that a security remediation in one area doesn’t cause downtime elsewhere. Plus, they have to deal with regulatory compliance issues and get a better understanding of what’s most critical to fix first.

Both groups have goals that are very important to their business. The imbalance of priorities and lack of awareness between security and operations is known as the SecOps gap. This gap can result in vulnerabilities leading to unnecessary risks, including data loss and production downtime. It can also result in unnecessary labor costs and unproductive compliance processes.

2. Failure to Fix Vulnerabilities
Half of the organizations that experienced a breach in the last year also reported a loss of data. Sadly, more than 50 percent of those respondents said that a patch for the vulnerability was known to the security staff at the time of the breach.

So, why weren’t the patches deployed? Remediation delays can happen when what might seem like a high priority to security staff isn’t viewed that way by operations, which is focused on ensuring uptime and performance. According to 44 percent of the total respondents, it takes organizations weeks to fix high-impact vulnerabilities once a patch is available. That delay can cause significant business consequences.

3. Waiting Too Long to Automate Security and Compliance Processes
The clock is ticking. The financial impact of a data breach caused by a vulnerability and its harm to a company’s reputation can be significant. As threats increase, the need to more fully automate security and compliance processes becomes undeniably critical. Organizations must be able to close the SecOps gap. Automation can help them respond to new threats much faster and replace time-consuming and error-prone manual processes for the testing and rollout of patches.

Keeping enterprises secure is more challenging than ever. Fortunately, centralized management solutions can help facilitate coordination and collaboration between security and operations teams. In fact, 60 percent of the respondents reported that they want tools for automating corrective actions and 59 percent want a centralized view into vulnerabilities and remediation actions.

What’s Your Plan?
Threats to your enterprise won’t go away, but you can control them with technology and a comprehensive game plan for closing the SecOps gap, helping your organization become more secure, efficient, and compliant with government regulations. Learn more in this report from BMC and Forbes Insights: “The Game Plan for Closing the SecOps Gap.”

Contact David at David_Cramer@bmc.com
BMC is a global leader in innovative software solutions that enable businesses to transform into digital enterprises for the ultimate competitive advantage. Visit us today at www.bmc.com/threatdirector.

 

Copyright © 2017, WSTA®, All Rights Reserved.