Cisco along with the Data Security Council of India (DSCI) recently unveiled the findings of a joint study titled ‘Reinventing the Network in the Context of Security.’ Findings of the study indicate that the current generation security solutions adopted by organizations in India are inadequate to handle the security requirements arising out of technology trends such as BYOD, mobility and virtualization.
The survey which looked at responses from 90 top security leaders and CIOs across industry verticals with focus on BFSI, IT/ITeS, Engineering Services and PSU in India estimates that 72% of security leaders have witnessed an increased demand for flexibility in using endpoint devices. However, 59% respondents also believe that rigid policies around the endpoints are frustrating business users.
63% of the respondents felt that the business groups and their access requirements are getting complex, while 64% indicated that there has been a rapid increase in requests for authorizing access to mobile devices. While 46% of security leaders said that the adoption of cloud is leading to multiple connection of external application or externally provisioned systems, 40% said that the increasing adoption of cloud storage facilities causes data to be placed away from the organization’s boundaries.
This has led to data being stored on and accessed from multiple channels, which is causing security challenges for organizations. For instance, 77% of the leaders said that the attacks are originating from multiple channels and the attack payload is getting increasingly advanced. More than two-thirds (69%), were of the view that managing policies and configuration of devices is a complex task.
Among the key security concerns for protection of endpoint included threat and malware protection (86%), quarantine of non-standard devices (83%), enforceability of network policy on mobile devices (83%), encryption of communication and data (79%), and security scanning of mobile devices (75%).
A good 40% of the security leaders considered securing the advanced mobility enabled enterprise applications a key challenge. Furthermore, the respondents also believe that the current generation security solutions are ineffective to manage security in these environments.
For instance, 56% of the respondents felt that current solutions are ineffective in managing the security of mobile, BYOD, and virtualization. 53% also said that they do not have the capability of integrating external and internal intelligence. Also, 43% of security leaders indicate that capabilities for detecting & blocking attacks that detect known vulnerabilities are insufficient to address threats in the present scenario.
53% of the respondents said that their existing solutions are incompetent to withstand sophisticated, targeted & persistent threats, while a strong 79%, were greatly concerned about the targeted and organized nature of threats aimed at achieving specific objectives. 80% also indicated that social engineering is increasingly used for compromising security.
While the survey also suggests that enterprises are looking at network solutions that are context aware, can differentiate between physical and virtual environments and offer deeper access control, authorization and encryption capabilities, the respondents also believe that implementing next-generation security solutions will be a challenge as it would mean doing away with their current security investments and further investing in additional skill sets.