Compliance spending is at the heart of many security technology deployments at large and midmarket companies, and with it comes an increasing interest in event log management and data leakage detection
A survey of 259 security professionals by IT research firm TheInfoPro has placed event log management as the technology gaining the most attention at Fortune 1000 companies as security pros look to manage log data from multiple security systems and archive it for auditors. Meanwhile, those same companies are evaluating data leakage protection (DLP) technology, which promises to keep tabs on company proprietary data as well as sensitive data, such as Social Security and credit card numbers. Log management and DLP ranked the highest out of a list of about 38 technologies on TheInfoPro's Heat Index, the research firm's ranking of planned technology adoption and funding support for a particular technology.
"Compliance programs are driving certain solutions and log management is one of them," said Bill Trussell, managing director of networking and information security at TheInfoPro. "Organizations we've talked to collect quite a lot of security log information and they need to employ automated systems to process those logs and keep the portions of logs that are important and archive them for reference in the future."
Security spending appears to be rebounding, with 40% of those surveyed indicating increasing security budgets in 2010, according to the survey. About 70% of those surveyed cited spending on IT security at 6% or less of their overall budgets.
Compliance programs are being used more regularly as funding vehicles for security projects. About 75% of firms surveyed said compliance projects were major funding vehicles for security solution procurements, from 52% six months ago, an increase of nearly 50% during the interim period, Trussell said.
More than half of organizations cited increases in their 2010 security budgets specifically to meet regulatory or legal compliance requirements, up from 31% six months ago.
Event log management coupled with SIEM technology
The InfoPro survey found companies interested in event correlation as a very important or extremely important function with SIEM technology. A majority of organizations (70%) are integrating log management into SIEM systems.
SIEM products remained among the top 10 Heat Index technologies for the security management group, Trussell said. Those following the very chaotic SIEM market say companies may find it difficult to properly evaluate vendors since the market is so chaotic. Tripwire Inc. is the latest vendor to enter the SIEM market. Many vendors are competing with similar products, but established names include Arcsight Inc., CA Inc., Intellitactics Inc., IBM, NetIQ Corp. and EMC's RSA Security Division.
Employee errors fuel DLP interest
Early adopters of DLP are reporting success tracking some sensitive data, but the more difficult part of classifying every bit of company proprietary data is more difficult and costly to deploy, Trussell said. Organizations indicated they are deploying some DLP functionality to address employee mistakes that lead to costly data breaches. Fifty-seven percent of the overall sample of participants said DLP solutions were an extremely or very important part of a defense-in-depth strategy.
"Security pros don't want to propose any solution that becomes intrusive to the normal business process," Trussell said. "It doesn't pay to do that because they wind up having to fix those instances and in a lot of ways fixing broken business process means you have to cut down on functionality."
A 2009 survey conducted by Forrester Research Inc. found rising interest in DLP to protect data in the hands of employees increasingly using blogs, instant messaging and social networks to communicate. Data breaches have also been associated with loose controls over data sharing with partners and third-party service providers.
Symantec Corp. was given top honors followed by RSA and Websense Inc. in a study released by the research firm Burton Group last October ranking DLP vendors.
Increase in cloud-based services stirs anxiety
IT security professionals are becoming increasingly worried about data security with the rising use of Internet-based services at many organizations. Nearly three out of four respondents (72%) cited being very concerned or extremely concerned about security in a cloud environment.
Cloud computing services, which TheInfoPro defines as any Internet-based service from the use of Web-based email to the use of Software as a Service applications, such as Salesforce.com, are seeing a sharp increase. Thirty-five percent of organizations indicated they were already using cloud computing services, with an additional 25% citing plans to implement such services in the next two years. "They indicated that they plan to develop a strategy for the utilization of cloud computing in the near future, if they haven't already done so," Trussell said.
Human Resource Information Systems (HRIS) are the most likely application to be transitioned to cloud services, followed by email and ERP systems, Trussell said. Many organizations have long been using outsourced payroll systems, but "the thought was that HR would be the last to be outsourced, but that's not the case, at least from the security pros perspective," Trussell said.