A TechTarget survey of more than 4,100 IT professionals worldwide showed that priorities for 2014 include a healthy dollop of security concerns. The top security initiatives were perhaps not quite what you'd expect, though, with new deployments in network security leading the to-do list. Forty-five percent of respondents said they'd add new capacity in this area, with data loss prevention (DLP) following at 39%.
Bruce Schneiercryptography expert
Behind network security and DLP, top project priorities were threat detection and management as well as identity and access management (IAM), both at 35%, followed by encryption at 34%.
Tyler Shields, senior analyst of security and risk management at Forrester Research, said that network security also led research performed at that company. "It doesn't surprise me in the least, because that's what people understand. I'm surprised that DLP is as high as it is, because it's extremely difficult."
Tyler said he liked seeing encryption as a top priority because "if you think about what you're really trying to secure as a company, at the end of the day, the most effective way to secure your data is to make sure that only you can read it. The hard part is managing how encryption works, but there are some pretty cool technologies out now that keep things searchable and usable, so that's probably what's pushing encryption up right now."
And, he said, "it's also people saying, 'Oh my god, the NSA has been looking at my stuff.' Of course they've been looking at your stuff for twenty years, but all of a sudden you're realizing it. There's a bit of a bubble there, but there are also some new technologies there that are pushing that forward as well."
Cryptography expert Bruce Schneier, however, doesn't see encryption being much driven by NSA-related concerns. He said in an email conversation, "My guess is that the ‘Snowden effect’ is minimal and more pronounced in individuals and non-US corporations."
At the somewhat more abstract level of embracing overarching security programs, 83% said they either already have or will implement a formal governance, risk and compliance program.
In terms of the larger trends that are reshaping IT, one quarter of respondents said that they'll have 40% or more of their overall storage capacity in the cloud next year (no doubt pushing encryption up the list) and three-quarters (74%) said they'll be giving their employees more mobile devices next year.
The respondents were spread fairly evenly around the world, with roughly a thousand in North America, six hundred in Europe and 1,500 in APAC. Fully a fifth of the respondents spend most of their time working on security. The survey was fielded in the final quarter of last year.