SAN JOSE, Calif. – Jan. 21, 2016 – Vormetric, a leader in enterprise data security for physical, virtual, big data and cloud environments, today announced the results of its 2016 Vormetric Data Threat Report, issued in conjunction with analyst firm 451 Research. The fourth annual report, which polled 1,100 senior IT security executives at large enterprises worldwide, details rates of data breach and compliance failures, perceptions of threats to data, data security stances and IT security spending plans.
Critical findings illustrate that organizations continue to equate compliance with security in the belief that meeting compliance requirements will be enough, even as data breaches rise in organizations certified as compliant. Investments in IT security controls were also shown to be misplaced, as most are heavily focused on perimeter defenses that consistently fail to halt breaches and increasingly sophisticated cyberattacks.
“Compliance does not ensure security,” said Garrett Bekker, senior analyst, enterprise security, at 451 Research and the author of the report. “As we learned from data theft incidents at companies that had reportedly met compliance mandates (such as Anthem, Home Depot and others), being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen. But we found that organizations don’t seem to have gotten the message, with nearly two thirds (64%) rating compliance as very or extremely effective at stopping data breaches.”
“Organizations are also spending ineffectively to prevent data breaches, with spending increases focused on network and endpoint security technologies that offer little help in defending against multistage attacks,” added Bekker. “It’s no longer enough to just secure our networks and endpoints.”
“There are significant concerns about how enterprises and federal government agencies are safeguarding confidential citizen, customer and company information,” said Tina Stewart, vice president of global marketing for Vormetric. “Organizations seem to be in denial about the risk, and are relying on tools that consistently fail against today’s multi‐layer attacks rather than adding a stronger emphasis on protecting data and valuable customer information. Data security technologies such as encryption, access controls, tokenization, data masking and data access monitoring can even enable new business models and cost structures, making it possible to securely use cloud, big data and IoT technologies that would otherwise be too risky to implement.”
The report also finds significant differences in the primary drivers for data security strategies around the world:
Some of the greatest differences identified were in organizations’ planned spending increases on data‐at‐rest defenses, the most effective solutions for protecting data from multi‐phase, multi‐layer attacks. These differences suggest again that many organizations are less concerned about preventing data breaches than they are with checking the compliance box. Planned data‐at‐rest defense spending increase variations reported were:
Perceptions of risk from cloud and privileged insiders continued to increase around the globe from last year, while the perception of risk from mobile devices decreased as organizations started to recognize that relatively small volumes of sensitive data reside on these devices.
With the Internet of Things (IoT) a new area for the vast majority of enterprises, few seemed to recognize the risks posed by the mountains of personal data being collected by connected IoT devices, with only 17% recognizing it as a top three risk for loss of sensitive data.
As detailed in the report, organizations need to realize that continuing to invest in “business as usual” IT security tools is no longer enough to protect critical data. A strong focus on data security must be added to create a comprehensive security strategy that can protect sensitive information. Organizations can make immediate improvements by:
The data in this study is based on Web and phone interviews of 1,114 senior executives in Australia, Brazil, Germany, Japan, the UK and the U.S. Most have a major influence on or are the sole decision maker for IT at their respective companies.
Respondents represented the following industries: automotive; education; energy; engineering; federal government; healthcare; IT; retail; and telecommunications.
451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, we provide essential insight for leaders of the digital economy. More than 100 analysts and consultants deliver that insight via syndicated research, advisory services and live events to over 1,000 client organizations in North America, Europe and around the world. Founded in 2000 and headquartered in New York, 451 Research is a division of The 451 Group.
Vormetric’s comprehensive high‐performance data security platform helps companies move confidently and quickly. Our seamless and scalable platform is the most effective way to protect data wherever it resides—any file, database and application in any server environment. Advanced transparent encryption, powerful access controls and centralized key management let organizations encrypt everything efficiently, with minimal disruption. Regardless of content, database or application—whether physical, virtual or in the cloud—Vormetric Data Security enables confidence, speed and trust by encrypting the data that builds business.
Quote Sheet: 2015 Vormetric Insider Threat Report Partners
“The Cloud Security Alliance is dedicated to helping organizations make safe use of cloud computing environments,” said Jim Reavis, CEO of Cloud Security Alliance. “The report clearly illustrates that organizations still feel at risk from their cloud and SaaS implementations, illustrating the need for education and best practices that enable them to safely benefit from their cloud‐based resources.”
“At Executive Mosaic we focus on connecting government and private sector leaders to the benefit of both. Our community sees the safety of citizen and other government data as a critical topic,” said President Jim Garrettson of Executive Mosaic. “Results from the report highlight the vulnerability of government and private sector organizations to cyber threats, and the need for the tools and relationships that can help to protect their sensitive data.”
“OASIS is dedicated to driving the development and adoption of open standards, and in supporting the safe adoption of cloud, IoT, big data and other new technologies,” said Carol Geyer, senior director, OASIS. “The report clearly shows the need for organizations to feel secure in their use of sensitive data both within their data centers, and within new technology environments, suggesting the need for standards that support this goal.”
“As organizations undergo digital transformation and their architectures continue to evolve to include cloud, IoT and mobile, the risk of exposing data is growing exponentially. To secure information in all its forms, data in use, data in transit and data at rest, organizations must focus on protecting their most sensitive data through encryption and encryption technologies,” said Peter Galvin, vice president strategy at Thales e‐Security. “The report highlights the struggles that organizations are encountering as they cope with these changes, and make decisions about where to invest to protect their environments, customers and sensitive information.”
Thales recently signed a definitive agreement to acquire Vormetric which, when completed, will extend Thales’ data protection and key management solutions to further protect enterprises against cybersecurity threats.