Enterprise IT Survey: Protecting Data across the Hybrid Infrastructure

2018 was a harrowing year for enterprise security professionals. More than 4.5 billion records were comprised worldwide in the first six months alone. Roughly 291 records were stolen or exposed per second (1). And it took a whopping 196 days on average to detect a data breach (2). This begs the question:

What security controls are enterprises using to protect sensitive data across their infrastructure?

To find out, Ping Identity surveyed more than 300 large enterprise IT and security professionals across the United States. We explored the nature of enterprise IT infrastructures and learned what companies are doing in response to the current data breach climate. The State of Enterprise IT Infrastructure & Security examines the controls enterprises deploy, which ones they view as most effective and the price they pay when they find themselves victimized.

Security and Cloud Adoption
One of the key survey findings revolves around what enterprises are not doing: moving to the cloud en masse.

Contrary to popular belief, large enterprise IT infrastructure is not largely hosted in the public cloud, nor is it SaaS based. In reality, cloud and SaaS represent a small percentage of companies’ overall IT infrastructure, and hybrid IT—some mixture of cloud, on-prem and SaaS—is extremely common.  By the numbers:

• Only 21% say at least or more than one half of their IT infrastructure is hosted in a public cloud.
• An even smaller percentage, 15%, say at least or more than one half of their organization’s applications are SaaS based.
• 63% say less than one half of their IT infrastructure is in hosted in the cloud.
• The same number, 63%, say less than one half of their organization’s applications are SaaS based.

So why are companies slow to move to the cloud and SaaS, despite the seeming ubiquitousness of cloud-first mandates? The biggest barrier to both cloud and SaaS adoption, according to survey respondents, is security. This finding suggests that enterprises must first address security challenges before looking to expand into cloud environments or SaaS applications.

Enterprises React: The Top Security Controls in Place
Another key survey takeaway revolves around the strategies enterprises are using to combat the threat of data breaches.

Enterprises are prioritizing the protection of their customers’ personally identifiable information (PII), and they’re backing it up with significant investment. When asked about a recent 12-month period (May 2017 to May 2018), 71% said their enterprise spending on customer identity data protection had increased, and 28% are spending the same amount on customer identity data protection.

And the most effective security control they have in place?

• Multi-factor authentication (MFA) is at the top of the list for both on-premises (97%) and public cloud (90%) data.
• Identity federation (single sign-on, or SSO) was also considered by a large majority to be either effective or very effective, with 87% for on-premises and 86% for cloud data.

Get the Full Executive Summary
Security concerns are clearly warranted; more than one quarter of enterprises in our survey had already experienced a data breach. Many suffered lost money and lost customers, while some faced less obvious repercussions, like lawsuits and legal investigations.

See exactly how high these costs are and learn more details about the steps enterprises are taking to prioritize and deploy security controls when you download the full report summary, “The State of Enterprise IT Infrastructure & Security.”

(1) Ed Target, “6 Months, 945 Data Breaches, 4.5 Billion Records,” Computer Business Review, October 9, 2018
(2) Larry Ponemon, “Calculating the Cost of a Data Breach in 2018, the Age of AI and the IoT,” Security Intelligence, July 11 2018