Much of Security Software Is UnderutilizedBy Bob Violino | Posted 2015-02-10 Email Print
One reason security software is not used to the fullest extent is that IT doesn't have the time or staff required to implement software solutions properly.
Large-scale security breaches have been in the news quite a bit lately, including accounts of hacker attacks at companies such as Sony Pictures Entertainment, Home Depot, Anthem and Target.
Organizations of all sizes are aware of the threats and vulnerabilities. Yet, surprisingly, many are not fully leveraging the security technologies they buy, according to a new report from Trustwave, a provider of managed security services and technologies.
The findings reveal a "shelfware" problem that plagues businesses of all sizes, the company says. The report, "Security on the Shelf," includes the findings of a survey asking 172 IT professionals who work at companies of all sizes about the resource challenges they face surrounding security.
These include how much these organizations spend on their security programs; how much money is wasted due to misuse or never using their security controls; why controls were never used; and how they are working to overcome those challenges.
According to the survey, 28 percent of organizations are not getting the full value out of their security-related software investments. Of the $115 per user that organizations spent on security-related software in 2014, $33 was either underutilized or never used at all, the survey reports.
For an organization with 500 users, that means more than $16,000 in security-related software investments was either partially or completely wasted.
One of the main reasons why security-related software is not being used to the fullest extent is that IT does not have the time or staff required to implement the software solution properly. In fact, one-third of the survey respondents said they don't have the personnel needed to take full advantage of the software.
Another finding of the report is that information security spending is on the rise. Organizations spent significantly more on security-related software, hardware and services in 2014 than they did in 2013, $115 per user in 2014 compared with $80 in 2013. That represents an increase of approximately 44 percent year over year.
Smaller businesses are spending significantly more per user on security than larger enterprises, the survey shows. They're spending $157 per user compared with $73 per user in larger companies.
More organizations will use cloud-based security or managed security services in 2015. Organizations expect to see a 43 percent increase in cloud-based or managed security services this year, according to the survey.