Data from Aberdeen Group’s 1Q 2012 Business Review indicate 21 per cent of UK-based organisations plan to make major technology investments in IT Security initiatives, such as data protection, identity and access management, endpoint or mobile security, and network security this year.
As IT leaders in the UK decide which investments are best for their respective organisations, they may find value in learning which network security solutions are being deployed by top-performing companies to cope with the ever-evolving security threat landscape.
The results for selected network security technologies from an Aberdeen study of more than 160 organisations are shown in Figure 1.
As indicated by the light blue bars, all respondents have deployed network firewalls, while more than 4 out of 5 have also deployed technologies such as email monitoring and filtering (86 per cent), intrusion detection and prevention (82 per cent) and web monitoring and filtering (82 per cent).
Meanwhile, the blue and red lines superimposed on the light blue bars in Figure 1 indicate the percentage of the leaders (top fifth) and laggards (bottom 30 per cent) from Aberdeen’s study that have deployed these selected network security technologies.
In general, leaders have consistently deployed these technologies to a higher degree than have laggards.
The gap between the two lines indicates which technologies have the strongest correlation with top performance, such as intrusion detection and prevention.
But what about organisations for which network security consists solely of a firewall? Is this an effective strategy? For this analysis, Aberdeen looked at 27 companies whose network security is based on firewalls alone, with no intrusion detection or prevention and compared them with 119 companies whose security includes firewalls and a range of other network security solutions.
The leading performers from Aberdeen’s study are also included for reference.
Based on survey responses, Table 1 summarises the following averages for each group, normalised as a percentage of annual turnover:
- Total cost of IT Security-related incidents, such as costs not avoided
- Total cost of IT Security initiatives, including estimates for all related costs for people, process and technologies
- Total annual investment in IT Security, based on the sum of the above
Compared to leading performers, for example, we see the firewall-only group actually spent four times more in total, due in part to being less efficient.
The leaders typically manage their IT Security initiatives at higher scale and lower cost. But the biggest difference is due to the firewall-only group being less effective.