Business and IT decision-makers may not be sleeping well these days. They're likely being kept awake worrying about security threats, according to a survey conducted by Dell Data Security.
Late last year, Dell commissioned market research firm Penn Schoen Berland to conduct a survey of 1,300 business and IT decision-makers in the US, Europe, and the Asia Pacific region. The survey found not only growing consideration for data security inside companies, but also obstacles where other business initiatives aren't fully aligned with security strategy.
The report "shows that there's some increased awareness in the higher levels of organizations, but it's also showing that there's still a lot of work to do for organizations to really integrate cyber-security as a normalized practice," said Michael Kaiser, executive director of the National Cyber Security Alliance, in a phone interview.
Three in four respondents said data security has become a priority for executives leading their organizations. At the same time, one in four said their C-level leaders are not well informed about data security issues.
That disparity can lead to conflicts between business strategies and cyber-security strategies. Dell's report cites as an example how an IT team might go to great effort to secure a corporate network, only to see a work-from-home initiative introduce a security gap.
The report suggests C-level executives need to be more involved in the integration of data security strategies. This requires more than a cursory level of understanding of data security.
Some of that understanding needs to be expressed on a budgetary level. There, respondents lacked confidence. Only one in three IT teams felt executives were budgeting enough.
Kaiser said leaders need to create a cyber-security culture throughout organizations. "In cyber-security, we say it's a shared responsibility. But in a company, it takes leadership. And that includes the board [going beyond compliance and] being engaged in the topic."
Companies, said Kaiser, need not only to strive to thwart attacks, but also to have a response and recovery plan in place, in the event security fails.
Mobility represents a major point of concern for companies. Among respondents, 82% said they had tried to limit data access points to improve security, and only 18% expressed confidence that their data is secure when accessed remotely.
Some 65% said they're delaying efforts to make their workforce more mobile due to security concerns, even as 43% admit to conducting business on mobile devices despite the absence of a mobility program at their company.
"So when companies opt out of creating sanctioned, secure mobility programs, they open themselves up to even greater risks," the report says. "Even those that succeed at locking down data by removing workplace flexibility risk losing star employees."
"Your mobile philosophy has to match what your users will do," said Kaiser. "People shouldn't be scared of mobile. They need to address it in the way it's being used in their company."
The cloud troubles companies even more than mobile. Four out of five respondents expressed concern about storing critical data in the cloud, and 58% of them are more concerned than they were a year ago. Some 38% of respondents said their organization restricted public cloud access due to security considerations.
Encryption, which the US government now argues shouldn't be too strong, represents a related source of worry for IT decision-makers. According to the report, 57% of respondents expressed concern about the quality of encryption at their company.
"Companies have to do everything that can to protect the data they have," said Kaiser. "And encryption is an extremely important tool in that toolset."
Kaiser stressed that companies need to tailor their security strategy to protect the assets that are most important. "Risk gets talked about generally so much. You need to be focused on the risk most pertinent to you."