Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

Key Security Investments for 2013…and beyond

Cindy_Blake ‎01-11-2013 10:38 AM - edited ‎09-16-2015 08:42 AM

Have you seen the 2013 Global State of Information Security Survey¹ (GISS) from CIO Magazine, CSO Magazine and Price Waterhouse Coopers?  It reveals an interesting trend with regard to security programs and highlights a shift in security priorities.


A majority of respondents to the 2013 GISS survey say their information security activities are effective—but this confidence has been eroding since 2008.  (Source: Question 41: “How confident are you that your organization’s information security activities are effective?”)¹


Despite this self-confidence, the analysis reveals that only 8 percent of respondents rank as real leaders. “A comparison of this group with the much larger cohort of self-proclaimed front-runners suggests that many organizations have opportunities to improve their security practices.”¹


What defines a leader?  According to the study, “Leaders are, by significant margins, more likely than all respondents to have a more mature security practice, implement strategies for newer technologies, and use sophisticated technology tools to safeguard data.”¹


How leaders compare



The GISS data shows that leaders are twice as likely to have a CISO or equivalent and to involve security early in major projects.  All have measured and reviewed security in the past year and a majority of respondants expect to spend more in 2013. 


These statements say that current security programs are not enough.  Security must be dynamic and investments must evolve to keep up with current challenges.  A case in point:  even leaders are behind on mobile security – only 57 percent have a mobile security strategy¹.  This is why one of the top investment areas for 2013 is mobile security—as evidenced by the GISS survey results:




In 2013, security investments will be driven by the new threat landscape brought about by Cloud and Mobility.  And many are investing in context-awareness via correlation tools and federated-identity management. 


Where will security investments focus next?


Looking beyond the GISS survey, we expect to see investment in even more sophisticated capabilities in 2014. This will happen either via third-party Internet monitoring and analysis, as the GISS study substantiates, or with in-house analysis via ‘big data’ analysis tools that provide context from outside the enterprise.


The following Security Maturity model² can help assess where security capabilities will head next, and more importantly, provide a framework around which you can honestly assess your own capabilities.




Why would a company want to invest to become more agile in their Security response?  The 2012 HP Ponemon Cost of Cyber Crime Study shows that the longer it takes to resolve a breach, the more costly it becomes.  Companies ideally want to prevent attacks—not just identify them when they occur.  This requires a different mind-set where context and external data provide offensive insight to potentially prevent attacks.  I think investments will continue to evolve toward these more predictive, analytics-based approaches as security programs mature.


Are you confident in your security program?  Does your confidence align to where you are on the security maturity curve?  Are you looking ahead to prevent attacks?  Or are you catching up with basic defensive and compliance capabilities?  HP Enterprise Security Products can help you get ahead of the curve.





¹2013 Global State of Information Security Survey, PricewaterhouseCoopers, CIO magazine, CSO magazine, September 2012

²Security Maturity model – developed by Cindy Blake within HP’s Enterprise Security Products group





0 Kudos
About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all