The sheer complexity of the security systems used by organisations to defend themselves could have become a contributing factor in data breaches, a survey by Check Point has suggested.
It might not be a new theme but the firm’s questioning of 560 UK-based IT and security professionals, found that 42 percent rated the complexity of security products as a risk factor in itself, just ahead of the 40 percent who agreed that simplifying their installations would be beneficial.
Working out what “simplification” means in this context is difficult given the number of layers many organisations now use.
Nearly half used data encryption on selected documents, 39 percent locking down USB ports, 31 percent restricting social media and instant messaging, while a quarter had deployed some kind of data leak prevention (DLP) system.
Meanwhile, 45 percent were now running a range of vulnerability scans on a regular basis to detect unexpected threats with a further third doing so occasionally. Only 9 percent said they hadn’t run such a scan.
The least surprising statistic in the survey was that 57 percent had seen an increase in internal security breaches in the last year although some of this could be explained by increased monitoring.
Check Point’s conclusion is that more security systems does not seem to mean more secure systems; the management that comes from adding layers points to the need for integration. That, of course, suits the firm’s ‘end-to-end’ ‘best of breed’ world view of security technology.
“Even though organisations are concerned about securing their networks, and are deploying more products to deal with a growing range of threats, external attacks and internal incidents continue to increase,” said Check Point’s UK technical director, Tom Davison.
“The complexity of networks, applications and security products is making it harder for IT teams to manage their security estates, which is leading to vulnerabilities not being addressed, and employees inadvertently causing breaches.”
Organisations needed to simplify and consolidate security wherever possible “and make it easier to establish security policies and practices that employees can easily follow, to curb the risk of attacks and breaches,” he said.
The grain of truth in this argument could be countered by pointing out that the number of security layers has increased in response to new technologies, many such as social media and smartphones not originally designed for business use. Inevitably, these have been defended using quickly-developed ‘point solutions, whose pay-off could end up being woefully short term.