A startling lack of senior executive confidence permeates organisations globally, specifically concerning readiness around the critical IT requirements of continuous availability; advanced security; and integrated backup and recovery.
This is one of the insights from an EMC survey about the IT strategies and infrastructures deployed within companies and governments throughout the world.
Reduced investment in these critical areas threatens the ability of IT infrastructures to withstand and quickly recover from disruptive incidents such as unplanned downtime, security breaches and data loss and underscores the need to adopt progressive strategies to achieve trusted IT infrastructures.
The Global IT Trust Curve survey, spanning 3 200 interviews across 16 countries and 10 industry sectors, also quantified wide-ranging geographic and industry variations.
China received the top maturity ranking: Chinese IT decision makers reported implementing the highest concentration of sophisticated continuous availability, advanced security, and integrated backup and recovery technologies.
The US ranked second in maturity on the IT Trust Curve. Underscoring swift and aggressive technology investments to solidify their world influence, three of the four most mature countries – China, South Africa and Brazil – are BRICS nations. Japan ranked last on the IT Trust Curve in the16-nation survey.
David Goulden, EMC president and chief operating officer, comments: “The four big megatrends in information technology today are cloud computing, big data, social networking and mobile devices. Adoption and maturity of these trends must float upon a sea of trust – trust that my information is secure in the cloud, trust that my data won’t be lost or stolen, trust that my IT will be operational when it needs to be – which, these days, is all the time.
“The more trust that can be earned and guaranteed, the bigger and faster the impact of these trends. Conversely, the less trust that is established, the more limited these trends will be. Where countries fall on the IT Trust maturity curve could affect their overall ability to compete.”
The survey found the lower levels of maturity permeate the globe:
* More than half (57%) of all respondents fall into the lower maturity categories, while only 8% place in the Leader category.
* The higher organisations land on the maturity curve, the more likely they are to have already implemented more strategic and leading-edge technology projects such as Big Data Analytics.
There is also a lack of confidence in technology infrastructure:
* Nearly half (45%) of all respondents globally report that their senior executives are not confident that their organisations have adequate availability, security, and backup and recovery capabilities. In South Africa this number is also 45%.
* When asked about executive confidence levels, the percentage of all respondents within each maturity level who said their senior executives are confident that their organisations have adequate availability, security, and backup and recovery are: Laggard (39%), Evaluator (51%), Adopter (65%) and Leader (81%). Within South Africa, the percentages who report their senior teams are confident are: Laggard (33%), Evaluator (51%), Adopter (52%) and Leader (85%).
* Japan has the smallest percentage of respondents (31%) reporting that their senior teams have confidence in these key aspects of IT; Germany has the highest percentage (66%).
* 19% (nearly one in five) of respondents worldwide cite an overall lack of trust in their technology infrastructure. In South Africa this number decreases to 15%.
In addition, a significant disparity exists between how IT and business leaders perceive improvements:
* While globally, 70% of IT decision makers consider the IT department to be the motivation/drive for future resilient and secure IT infrastructure, the number drops to 50% for business decisions makers when asked the same question. The split within South Africa is 75% of IT decision makers and 56% of business decision makers.
* A similar perception gap extends in key disciplines such as security. While overall 23% of respondents globally reported being victims of a security breach in the past 12 months, this was 27% of IT decision makers compared to only 19% of business decision makers, indicating they are not aware of all technology incidents that impact the business. The overall average of 23% compares to 9% of all respondents within South Africa reporting being victims of a security breach – the lowest of any surveyed country.
Organisations with higher levels of maturity avoid – and recover more quickly from – disruptive incidents … and with reduced consequence. For example, globally:
* 53% of organisations in the Leader segment of the IT Trust Curve reported data recovery time measured in minutes or less for their most mission critical applications. The percentage drops to 28% across all maturity tiers.
* 76% of companies in the Leader segment believe they are able to recover 100% of their lost data in every instance versus only 44% in the Laggard segment.
* Overall, organisations in the lowest maturity segment (Laggard) lost one and a half times more money over the last 12 months as a result of downtime than those in the highest maturity segment (Leader).
* Security breaches were the most costly events suffered by respondents globally, who reported an average financial loss over the last 12 months of $860,273 due to breaches, followed by $585,892 and $494,037 respectively for data loss and downtime. In South Africa the averages were $139,722 for security breaches, $420,435 for data loss and $177,816 for downtime – among the lowest responses from the surveyed countries.
Meanwhile, there is widespread unplanned downtime, security breaches and data loss:
* 61% of all respondents’ companies have suffered at least one of the following incidents: unplanned downtime (37%), security breach (23%) or data loss (29%) in the last 12 months. In South Africa, the percentages change to: unplanned downtime (48%), security breach (9%) and data loss (25%) in the last 12 months, with 62% experiencing at least one of these.
* Top 4 consequences globally across organisations experiencing at least one of the above incidents within the last 12 months were loss of employee productivity (45%), loss of revenue (39%), loss of customer confidence/loyalty (32%) and loss of incremental business opportunity (27%). Within South Africa the results change to the following: loss of employee productivity (59%), loss of revenue (53%), loss of customer confidence/loyalty (44%), and delay in product/service development (43%).
Budget constraints (52%) reigned globally as the number one obstacle to implementing continuous availability, advanced security, and integrated backup and recovery solutions. Resources and/or workload constraints (35%), poor planning (33%) and knowledge and skills (32%) rounded out the top four overall.
China was the only country that did not report budget as the top obstacle, instead sighting resources and/or workload constraints (50%). Within South Africa, the top constraints are: budget (57%), resources and/or workload constraints (43%), planning and anticipation (31%), and knowledge and skills (29%).
The top security concerns identified across all respondents were third party application access (43%) and protection of intellectual property (42%), pointing to the need for more advanced technology and intelligence-driven models:
* There remains a heavy reliance on “prevention-oriented” security tools, with more than 80% of all respondents using anti-virus and firewalls as the two most popular security solutions.
* Just 18% worldwide have adopted security information and event management (SIEM) and even fewer, 11%, have adopted governance risk and compliance (GRC) solutions, which provide the necessary monitoring and response capabilities needed to defend against more advanced threats.
Highly-regulated industries throughout the world displayed proportionally higher maturity levels. In addition to the IT and Technology (number three) industries, the remaining Top five most mature industries globally are the highly-regulated Financial Services (number one), Life Sciences (two), Healthcare (four) and Public Sector (five).
Irina Simmons, chief risk officer at EMC, comments: “Most IT practitioners do everything within their power and control to protect the enterprise. Where breakdowns can occur is in communicating up to business leaders, executives, Boards and audit committees. We hear it from Boards all the time. Practitioners need to be able to demonstrate to leadership that they have a governance process whereby they can adequately instil confidence that risks are being addressed in line with the organisation’s overall risk appetite and profile. Success against a particular threat is not just an accident good luck, but the result of a solid process that continually monitors and addresses new risks and threats to the enterprise.”
Dave Martin, chief security officer at EMC, adds: “The time has come for the industry to double down. It’s impossible to deliver advanced security if we lack foundational maturity. Without a predictable environment, or understanding of where our assets are, or an ability to pick up on nuances and detect behavioural anomalies, we will be unable to defend the organisation. That baseline of foundational maturity is an absolute enabler of effective security and establishing overall trust.”
Christian Christiansen, programme VP for IDC’s Security Products and Services Group, says: “Among the many powerful insights that flow from this global study, the rampant lack of senior executive confidence stands out as both alarming and, unfortunately, a sign of the times. Nearly half of respondents say their senior management has zero confidence that their organisations are prepared with adequate availability, security, and backup and recovery. That one startling fact stands as a wakeup call for company boards to make the necessary investments to brace against both external and self-imposed disruptions and threats to their IT systems and data.”