’The Good, The Bad and The Ugly’ was Clint Eastwood’ last and best spaghetti western, and it’s also a very popular description of the cybersecurity industry, to which I will now shamelessly expropriate to describe the findings from EMC’s new global enterprise backup survey, ‘Are You Protected?’. Similar to virtually every other security study I see, the survey reports improvements in some areas, some problems in other areas, and the usual plug for new solutions that will make you more secure, less vulnerable or more likely fall somewhere in between.
The survey results are very topical, said Peter Smails, VP, Marketing, Core Technologies, EMC. It also gives the company, which will soon become part of Dell, an opportunity “to talk about everything we’re doing to address those challenges.”
While I found it interesting that this conversation was held with EMC, and not RSA, it’s security business, Smails told IT Trends & Analysis who better to address data protection than the company that stores most of that data. The key findings of the survey of IT decision makers at 2,200 organizations included:
-incidents of traditional data loss and disruption are down since 2014, but new challenges mean 13% more businesses experienced loss overall;
-over half of businesses fail to protect data in the cloud despite more than 80% indicating they will rely on SaaS-based business applications;
-36% have lost data in the last year as the result of a security breach;
-the average cost of data loss is more than $914,000.
People are getting smarter about data protection, said Smails, but they continue to experience data loss. “You need to be vigilant. The world is evolving quickly.”
According to a new RSA survey, 75% of survey respondents have a significant cybersecurity risk exposure, and nearly half characterized essential Incident Response (IR) capabilities as ‘ad hoc’ or ‘non-existent’. “We need to change the way we are thinking about security, to focus on more than just prevention – to develop a strategy that emphasizes detection and response,” stated RSA President Amit Yoran.
As noted in Sea Of Alarms, one of cybersecurity’s biggest problems isn’t finding a problem, but rather finding and dealing with the most pressing problem. According to a recent survey, nearly 74% of those surveyed reported that security events/alerts are simply ignored because their teams can’t keep up with the suffocating volume.
Then there was the new ‘new’ study I just received which identified complext IT security as a growing problem. According to security vendor IS Decisions’ survey of 250 US organizations, on average each employee loses 21.88 minutes every week — which works out to 182 days/year lost productivity per organization — because of complex IT security procedures.
Among Gartner’s top 10 security predictions for 2016 are:
-through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year;
-by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources
-through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices; and,
by 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.
A lot of money is being thrown at cybersecurity:
-worldwide spending on cybersecurity products and services is expected to exceed $1 trillion for the 5-year period 2017-2021;
-the managed security services market is predicted to reach $35.53 billion by 2020, growing at a CAGR of 14.8% ($17.79 billion in 2015); key vendors include AT&T, Dell SecureWorks, IBM, Symantec, Verizon Communications, Computer Sciences Corporations (CSC), CenturyLink, Hewlett-Packard, Solutionary, and Trustwave Holdings;
-the Internet of Things (IoT) security market will be worth $28.90 billion by 2020, a market expected to experience a CAGR of 33.2%, and currently dominated by Cisco, IBM, Infineon Technologies, Intel Corporation, Symantec, and Check Point Technologies
-the application security market is estimated to grow from $2.24 billion in 2016 to $6.77 billion by 2021, at a CAGR of 24.8%; major players include IBM, Hewlett Packard Enterprise, WhiteHat Security, Veracode, Checkmarx, Qualys, Rapid7, Trustwave, Acunetix, and Cigital; and,
-the security analytics market will climb from $2.83 billion in 2016 to $9.38 billion by 2021, at a CAGR of 27.1%.
The growing importance of security — and the money being spent on it — is shaking up the security market. The top 20 vendors — in alphabetical order — are: BAE Systems; Check Point Software Technologies; Cisco Systems; Deloitte Touche Tohmatsu ; EMC; Ernst & Young Global; Fortine; General Dynamics; Hewlett Packard; IBM; Intel; Kaspersky Lab; L-3 Communications; Leidos; Lockheed Martin; Northrop Grumman; PWC; Raytheon; Symantec; and, Trend Micro.
However, security industry’s usual suspects are not only faced with tremendous opportunity, but equally tremendous challenges, i.e. as we await the pending EMC (& RSA) acquisition, Dell SecureWorks was spun off earlier this year. Now rumors are circulating that Intel will dump its cyber security business, which centers around its $7.7 billion McAfee acquisition in 2011.
Which brings us back to EMC, which is promoting new Isolated Recovery Solutions (IRS) to help enterprises ‘air gap’ [not to be confused with knee capping, air gapping is a security measure that involves isolating a computer or network and preventing it from establishing an external connection] data from cyber attacks. These solutions include:
-ProtectPoint protects directly from primary to protection storage with no traditional backup infrastructure, cutting backup times by 10x and restore times by 20x;
zDP scale-out automated snapshot solution for mainframe storage that slashes mainframe Recovery Point Objectives by up to 144x;
-Enterprise Copy Data Management (eCDM) discovers, automates, and optimizes organizations’ copy data;
-Data Domain Virtual Edition can reduce storage requirements by 10-30x and includes DD Boost, to speed backups by up to 50%; and,
-VCE Data Protection Appliances, built with Data Domain and EMC data protection software, designed to cut deployment time by 75%.
Eventually, there will also be IRS offerings based on EMC’s XtremIO, Unity and Isilon storage platforms.