IBM Survey: Security Finally Gets Down to Business

It’s been a long time in coming but it looks like security has finally risen to the top of the business agenda.

A new survey of 138 security leaders that was conducted by the IBM Center for Applied Insights finds that two-thirds of them report that business executives are significant paying more attention to security issues today than they were two years ago.

Given the amount of data that has been lost in recent years that may not be a surprise given all the penalties and fines associated with those events. But it’s also clear that business leaders have to come to recognize that there are people and organizations trying to steal intellectual property that could materially affect the fortunes of the business.

According to Steve Robinson, vice president of development, strategy and product management for security systems in the IBM Software Group, security in many companies has actually become a standing item on the corporate board agenda. As a consequence of all this rising interest in security, the vast majority of the security professionals interviewed for the survey report significant double-digit growth in the size of their security budgets. More importantly, much of that funding appears to be aimed at proactively managing risk, versus simply trying to mitigating threats or simply trying to meet compliance requirements.

Robinson says rather than simply acting as an internal police force, security professionals are being asked to become facilitators that are charged with making sure that business activities happen securely. That doesn’t mean preventing them from happening, but rather making sure that employees are conscious of the most secure ways to accomplish a particular business objective.

Of course, the rise of mobile computing hasn’t made the job of the security professional any simpler. But Robinson notes that advanced analytics are starting to make it easier for security professionals to not only identify attacks, but also discover where the most sensitive data in the organization resides. Once armed with that information they can then take measures to more proactively protect that data, as opposed to simply focusing on the network perimeter.

Naturally, there’s no such thing as perfect security. But as organizations start to take a more mature approach to managing risk and security it’s pretty clear that thinking in terms of process, rather than specific devices, will ultimately pay higher security dividends.