2018 was a harrowing year for enterprise security professionals. More than 4.5 billion records were comprised worldwide in the first six months alone. Roughly 291 records were stolen or exposed per second (1). And it took a whopping 196 days on average to detect a data breach (2). This begs the question:
What security controls are enterprises using to protect sensitive data across their infrastructure?
To find out, Ping Identity surveyed more than 300 large enterprise IT and security professionals across the United States. We explored the nature of enterprise IT infrastructures and learned what companies are doing in response to the current data breach climate. The State of Enterprise IT Infrastructure & Security examines the controls enterprises deploy, which ones they view as most effective and the price they pay when they find themselves victimized.
Security and Cloud Adoption One of the key survey findings revolves around what enterprises are not doing: moving to the cloud en masse.
Contrary to popular belief, large enterprise IT infrastructure is not largely hosted in the public cloud, nor is it SaaS based. In reality, cloud and SaaS represent a small percentage of companies’ overall IT infrastructure, and hybrid IT—some mixture of cloud, on-prem and SaaS—is extremely common. By the numbers:
Only 21% say at least or more than one half of their IT infrastructure is hosted in a public cloud.
An even smaller percentage, 15%, say at least or more than one half of their organization’s applications are SaaS based.
63% say less than one half of their IT infrastructure is in hosted in the cloud.
The same number, 63%, say less than one half of their organization’s applications are SaaS based.
So why are companies slow to move to the cloud and SaaS, despite the seeming ubiquitousness of cloud-first mandates? The biggest barrier to both cloud and SaaS adoption, according to survey respondents, is security. This finding suggests that enterprises must first address security challenges before looking to expand into cloud environments or SaaS applications.
Enterprises React: The Top Security Controls in Place Another key survey takeaway revolves around the strategies enterprises are using to combat the threat of data breaches.
Enterprises are prioritizing the protection of their customers’ personally identifiable information (PII), and they’re backing it up with significant investment. When asked about a recent 12-month period (May 2017 to May 2018), 71% said their enterprise spending on customer identity data protection had increased, and 28% are spending the same amount on customer identity data protection.
And the most effective security control they have in place?
Get the Full Executive Summary Security concerns are clearly warranted; more than one quarter of enterprises in our survey had already experienced a data breach. Many suffered lost money and lost customers, while some faced less obvious repercussions, like lawsuits and legal investigations.