The year 2020 will be known as one of hyper-accelerated digital transformation, marked by organizations delivering many years’ worth of migrations and implementations over an accelerated time period. There has been a noticeable surge in organizations replacing their legacy, on-premises technologies with cloud-native platforms that were built with distributed and remote workforces in design and in action. But as many enterprises remain in mid-transition, security teams may still feel out of control now that the work-from-anywhere approach is encouraged and embraced by many employers and expected by most employees.
CrowdStrike recently funded a survey with market research experts Vanson Bourne to assess how the past year has caused organizations to step up to the challenge of security transformation, and to learn more about what their major issues encountered were in terms of time, resources and strategy to achieve their new rapidly evolving business objectives. A total of 900 IT security decision makers and professionals from North America, Europe and the Asia-Pacific Japan (APJ) region were interviewed to learn how they are investing in and building interoperable IT security solutions to lead to better efficacy and efficiency, while aligning with corporate business initiatives.
Path to Security Transformation: Two-pronged Approach for IT Security
The study unveils the need for organizations to transform their security stacks with a two-pronged approach: ensuring both simplicity and efficacy in their security to stop breaches. Among respondents, 71% noted that integration complexity with other technology and security stacks requires improvement, while 44% of respondents say that the need for interoperability with existing solutions is a serious issue when purchasing new IT security solutions. Growing complexity, accelerated digital transformation, evolving adversaries and a lack of skilled cybersecurity talent push organizations to transform their security stacks with easy, interoperable and efficient solutions that leverage rich contextual data.
A full 92% of respondents say that their organization has had operational challenges with IT security. The challenges start early during the purchase and planning stage, where 94% stated that they have had purchasing issues due to solution efficacy, integration complexity, and budget and staffing constraints. Once purchased, it takes organizations an average of three months to implement IT security solutions, then another three months to see value after implementation. Security teams can reduce operational challenges with unified end-to-end tools when implementing their security solutions to realize faster time-to-value and better protection.
A total of 82% of respondents agree that their organization’s IT security would be more effective if all of their IT security solutions shared the same aggregated pool of data, and 80% agree that alert fatigue is an issue within their organization. Making sure that the solutions integrate with each other, in terms of data aggregation and leveraging contextual insights across different environments to make informed timely decisions, will be an important step toward security transformation.
As this year progresses, the cybersecurity skill gap will become a critical issue that organizations are already trying to get ahead of, with 64% agreeing that they need to have internal IT security specialists, and 76% saying that their organization is planning to recruit more specialists over the next 12 months. Businesses looking to hire should ensure that their security stack is simplified with tight integrations to ensure that professionals are spending their resources on business-critical strategic tasks and working toward the same objectives, rather than struggling with complexity and visibility challenges that are outside their expertise.
With work-from-anywhere here to stay, 62% of organizations are investing in building cybersecurity frameworks into their security ecosystem. 70% mentioned adopting the MITRE ATT&CK® framework as one such knowledge base they can use to keep up-to-date on adversary tactics and techniques based on real-world observations. The framework describes and better maps threats, and pinpoints gaps in visibility and process. Other common frameworks that respondents’ organizations plan to adopt include NIST and ISO 27000 (72%), vertical-based frameworks (e.g., PCI DSS, HIPAA, HITRUST; 39%) and Zero Trust frameworks (52%).
Key Takeaways and Recommendations
- Having a modern, highly interoperable stack: By building a modern stack with an integrated ecosystem of trusted partners, it is possible to alleviate the strain on your IT teams; remain secure while planning, implementing and migrating to modern cloud-native applications; and maintain hybrid and multi-cloud environments with efficiency.
- Using a common source of data: By sharing the same aggregated pool of data, organizations can improve performance and efficiency during data collection; ensure that business-critical decisions are made with agility based on contextual information; and fortify cyber defenses when shared across multiple attack surfaces.
- Hiring and retaining the right talent: Organizations can retain talent while remaining agile by making sure that security specialists are focused on business-critical strategic tasks while staying ahead of adversaries, without spinning cycles on integrating solutions that don’t talk to each other or share data.
- Adopting security frameworks: Organizations looking to future-proof their environment during security transformation should use the best practices outlined in publicly available frameworks while also demanding the very best from their trusted security vendors. The organization’s buying center is responsible for ensuring that their solutions fit within recommended frameworks and helping them maximize existing security investments.
How CrowdStrike Helps with Security Transformation
The CrowdStrike Falcon® platform addresses these modern security challenges because it is a purpose-built, cloud-delivered platform designed to prevent and detect adversarial activity across all business entities and stop breaches. It’s built on the CrowdStrike Security Cloud and powered by our cloud-scale, AI-based proprietary CrowdStrike Threat Graph® analytics engine, which is capable of processing more than 5 trillion events per week and making millions of critical decisions per minute — and all of this is delivered through a patented smart-filtering, technology-based lightweight agent. Further, by allowing partners to build applications on this powerful platform and aggregating data to derive contextual insights, CrowdStrike combines technology, expertise and support to provide a truly open ecosystem in the battle against sophisticated adversaries.
The CrowdStrike Store provides organizations with a validated and curated ecosystem of cybersecurity solutions to empower their security transformation. This broad ecosystem of partner integrations provides interoperability and rich content for customers and empowers security teams with the unified tools needed to seamlessly address their wide breadth of unique security use cases. Falcon modules, combined with plugins that streamline the Falcon experience, third-party apps and technology partners’ expertise, empower organizations to spend less time searching so that they can focus on optimizing their existing security investments to achieve faster time-to-value and minimize risk.
To supercharge your security transformation and get ahead of modern attackers, organizations must maximize the value of their current investments, implement modern solutions that seamlessly integrate platform and data, and adopt security frameworks to future-proof overall IT security.
Want to learn more about how to accelerate your security transformation by reducing complexity in your security stack? Register today for our webcast on June 3, 2021.
CrowdStrike commissioned independent technology market research specialist Vanson Bourne to uncover the issues security teams face as they contend with accelerated transformations and modern threat actors. A total of 900 IT security decision makers and professionals were interviewed in January and February 2021, with equal representation across North America (300), Europe (300) and APJ (300) regions. Respondents were required to be from organizations with at least 250 global employees and from across the private and public sectors.
Respondents’ organizations also had to have implemented or plan to implement at least one of the IT security solutions across endpoints, network, cloud, data center, applications and data. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were invited to participate. Unless otherwise indicated, the results discussed are based on the total sample.
- To find out more about the study and recommendation, download the Vanson Bourne infographic.
- Attend our CrowdCast to hear more about the Vanson Bourne study’s research and findings.
- Discover more about the powerful, cloud-native CrowdStrike Falcon® platform by visiting the product webpage.
- Learn more about the CrowdStrike Store by visiting the webpage and watching the video.