Information technology security professionals are feeling pressure to purchase new technologies but do not have the staff necessary to manage them, according to Trustwave’s third annual Security Pressures Report. Over three-quarters of those surveyed said they are pressured to unveil IT projects before they are fully secured.
Trustwave surveyed over 1,400 IT security professionals about the pressures they face in protecting business’ information and reducing security risk. It found that those pressures are growing, and expected to grow, along with troubling indications of a disconnect between IT security teams and company boards.
The biggest operational pressures on security pros remain advanced security threats, and adoption of new technologies, but the shortage of security expertise climbed from the eighth to the third biggest pressure. Forty-percent of respondents feel the most pressure about their security program before and after board meetings, while only thirty-nine percent feel more pressure when a major data breach makes headlines.
Seventy-four percent of security pros feel pressure to implement the latest security features, up from 67 percent a year ago, while possession of the resources to do so has fallen from 71 to 69 percent. One response by organizations has been moving to managed solutions, with 8 percent more partnering or planning to partner with a managed security services provider than a year ago.
“Security professionals live in a unique and stressful environment, defined by conflict with faceless attackers as well as internal threats,” Steve Kelley, Chief Marketing Officer at Trustwave said in a statement. “Businesses rely on information security more than ever before and the pressure to show measurable success is taking a toll on security practitioners. The widening gulf between the expected outcomes and the struggle to maintain adequate solutions and staff is driving businesses, now as many as 86 percent of them, to partner with a managed security services provider to relax the pressures and help them achieve their cybersecurity goals.”
Another approach to relieving the pressure would be intensive hiring, and 29 percent would like to quadruple their security staff, up from 24 percent last year.
Another trend is the persistence of cloud as the “emerging technology” security professionals are facing the most pressure to implement, and the one they consider most risky. The Internet of Things was the second most common response in both cases, but cloud providers should have the resources to reassure potential clients about information security in the cloud. Leading financial firms are rapidly maturing in their cloud approach, CipherCloud said last year, and a report from SkyHigh Networks in October suggested that enterprise cloud security risks are largely on the client side.