The F5 Networks 2013 RSA Security Trends Survey has revealed that organizations are unprepared to properly address the shift to web-based applications and cloud-based infrastructure.
While nearly two-thirds (64%) of survey respondents see the shift to web-based applications as a trend affecting security, 37% of respondents' organizations are not providing adequate security to protect against potential threats. Similarly, 66% of respondents see the shift to cloud-based infrastructure as a trend affecting security but 49% of respondents' organizations are not prepared against potential threats.
Respondents were RSA conference attendees with IT responsibilities over planning, management, oversight, or implementation of security. When asked what security trends have the greatest impact on an organization's ability to achieve the level of security it desires, respondents answered:
- Virtualization (73%)
- The increasing complexity of threats (e.g., DDoS attacks) (72%)
- Bring-Your-Own-Device (66%)
- The change in the bad guys from hackers to espionage and nation-state-sponsored malware attacks (62%)
- The shift from data center-focused infrastructure to cloud-based infrastructure (61%)
- The shift from traditional client-server applications to web-based applications (60%)
"The security landscape continues to change rapidly and many organizations are struggling to properly address evolving threats," said Mark Vondemkamp, vice president of Product Management for Security at F5 Networks. "Companies will do well to proactively address trends like BYOD and cloud security, but they should also look to raise their game in terms of threat detection and mitigation. With employee behavior, business priorities, and infrastructure demands further expanding traditional threat vectors, the proper tools and procedures are essential in maintaining a healthy level of security."
To prepare for threats posed by emerging security trends, F5 recommends organizations have:
- Centralized, flexible access policy controls that provide comprehensive protection and keep users productive
- A DNS Security Extensions (DNSSEC) solution that delivers security, improved performance, and global availability
- A secure web application firewall and policy-based approach to web application security in addressing emerging threats at the application level