Generation gaps & other security risks
Some of the top security concerns confirmed in the study are:
- Poor security deployments: 70% said their organization had made investments in IT security technology that was not successfully deployed (e.g. shelfware).
- Unapproved and rogue app deployments: 65% of respondents said their organization is not able to reduce the inherent risk of unapproved applications, including from shadow IT.
- Unmanaged data at risk: 64% said their organization has no way to effectively reduce the inherent risk of unmanaged data (e.g. downloaded onto USB drives, shared with third parties, or files with no expiration date).
- Talent pool is small: Only 40% said their organization is successfully hiring knowledgeable and experienced security practitioners.
- 55% of security and business respondents said that Millennials, born 1981-1997, pose the greatest risk of circumventing IT security policies and using unapproved apps in the workplace.
- 33% said Baby Boomers, born 1946-1964, are most susceptible to phishing and social engineering scams.
- 32% said Gen Xers, born 1965-1980, were most likely to circumvent security policies and use unapproved apps and devices in the workplace.
The study found that 67% of global business respondents are aware of GDPR, but only about half have started to prepare for GDPR compliance. Companies that do business in Europe need to adapt: 74% of respondents say GDPR will have a significant and negative impact on business operations, and 65% are worried about the new penalties of up to 100 million euros or 2 to 4% of annual worldwide revenue. Also, over half (52%) of respondents do not feel that their security infrastructure facilitates compliance and regulatory enforcement with a centralized approach to controlling, monitoring and reporting of data.
GDPR compliance strategies
Since GDPR mandates data protection “by design and by default”, compliance is no longer just a choice and results must be defensible, says Citrix Chief Security Strategist Kurt Roemer. The good news, he says, is that GDPR compliance strategies “can be implemented today utilizing application and desktop virtualization, combined with data containerization and enclaving for mobilization and control over data distribution. Management of sensitive data is further enhanced through digital signatures, digital watermarks, contextual access, information rights management and country or region data protection specificities.”
- Whenever possible, centralize apps and data in the data center or cloud so sensitive enterprise data is not stored on devices.
- When sensitive data must be distributed, mobilized or utilized offline, ensure it is protected in a secured enclave.
- Precisely control access to resources with context-aware policies based on user, device, location, application and data sensitivity.
- Provide visibility and management capabilities that unite your entire IT infrastructure to deliver application and data-specific security.
In short, look for “a simplified approach that delivers compliance and strengthens security without impeding productivity,” says Roemer. Citrix is a 2016 Mobile Star Awards Sponsor and Winner in multiple categories.