Anti-Malware Gives Biggest Bang For Security Buck
Antivirus software, firewalls and having a CISO also deliver high returns, finds the Ponemon Institute.
So finds a new survey of 488 United Kingdom-based IT and IT security practitioners. The study, sponsored by Vodafone and F-Secure and conducted by Ponemon Institute, asked IT professionals to rate the cost and effectiveness of various security options, as well as to assess their organization's current security posture.
Surprisingly, the study found that when it comes to mitigating the biggest security threat facing organizations -- identified by respondents as being the loss, theft or removal of sensitive information -- organizations are lacking both the required bang and buck.
"Time and again our research finds that security and data protection activities are both under-funded and under-staffed," said Larry Ponemon, chairman and founder of Ponemon Institute, in a statement.
One related challenge is that many organizations still require their security teams to justify their technology budget by using traditional return on investment (ROI) metrics. But for lost data, shouldn't the opposite have to be proven, since success is roughly equivalent to nothing bad happening, or not having to pay for a data breach cleanup?
Accordingly, Ponemon is advancing a different business case for justifying information security purchases: return on prevention. "Because expenditures must be justified to pass budget approval hurdles, we believe our 'return on prevention' model can help make it easier for IT and IT security practitioners to make the business case for acquiring enabling security technologies and related control activities," he said.
Return on prevention emphasizes "low-cost solutions that are effective in stopping threats or attacks," and which require few resources to deploy or implement, said Ponemon.
Applying these metrics, the study reports that beyond antivirus, anti-malware, endpoint security, web application firewalls, and policy enforcement tools, mobile device security solutions also produced a relatively high rate of prevention return, versus information security technologies residing in enterprise systems or networks.
But the highest return on a prevention investment, according to the study, "is from governance and control activities, including the appointment of a CISO and training of end users, and professional certification of security staff."