Netwrix Research Lab conducts industry surveys among IT pros worldwide to discover up-to-date interests and granular trends' analysis of the industry
With compliance regulations growing tighter and data privacy taking center stage, in this year’s report we focused on data security in the cloud. We asked organizations about the kinds of data they store in the cloud, their top concerns about securing that data, the incidents they have experienced and their future plans for storing data in the cloud.
of organizations store PII of customers and employees in the cloud, unlike financial data and intellectual property.
of organizations that do not classify customer PII stored in the cloud experienced at least one security incident in the past year.
of organizations couldn’t identify who was actually at fault for a security breach, compared to 6% in 2018.
For our third annual IT risks survey, we decided to completely revamp our approach and make an in-depth study of six major IT risks that are significant for most organizations. The research revealed a vivid discrepancy between organizations’ expectations and reality. For most companies insiders, who make mistakes, are more dangerous than hackers.
of respondents do not know what their employees are doing with sensitive data.
of respondents re-evaluate their IT risks at least once a year.
of organizations have an actionable incident response plan.
The results of the 2018 edition of the annual Netwrix customer survey are now available. You’ll learn which problems Netwrix Auditor helps customers solve and what results they have been able to achieve. You’ll also find out why they were shopping for a solution in the first place and how satisfied are they with the choice they made.
of our customers say that the primary reason for choosing Netwrix Auditor was its functionality.
of respondents are able to detect anomalous user activity before it leads to a security incident.
of respondents state that Netwrix Auditor is a strategic investment that helps them improve overall security.
Together with flexibility and cost savings, cloud technology has also brought new security challenges and risks. They may vary depending on how much the cloud is used for storing sensitive assets, how heavily regulated the industries are, how experienced the cloud customer is and other factors. Nevertheless, security remains a major concern for cloud users.
This report is based on the data received for the 2018 Cloud Security Report but is segmented by
industries and regions to provide detailed overviews of the current state of cloud security in various
groups of participants as well as their plans to improve it.
of health care and government entities are concerned about malware, though it is the number two concern for all industries surveyed.
of educational institutions perceive their own employees to be the biggest threat to cloud security, which is the largest share among the industries surveyed.
of North-American and European organizations have chosen to improve employee training in order to strengthen cyber security.
Analysts predict that customers are going to be responsible for the vast majority of cloud security failures. The third annual Cloud Security Report reveals how far our respondents are ready to go with cloud adoption, whether they trust the cloud enough to store sensitive data there, and how they protect data in the cloud.
of organizations store sensitive data in the cloud; mostly it consists of customer, employee, financial and sensitive business data, as well as intellectual property.
of organizations share the opinion that employees represent the biggest risk to cyber security.
of organizations blame their own IT users for security incidents in the cloud.
The report provides an in-depth study of what organizations do to minimize various IT risks in security, compliance and operations. It complements and completes the 2017 IT Risks Report by focusing on various industries, organizational sizes and regions.
of financial organizations do not have a separate cyber-security function.
of manufacturing companies have zero visibility into mobile devices, despite the wide use of mobile devices for work purposes.
of healthcare organizations are fully aware of what is happening in their databases
With the 2017 IT Risks Report, Netwrix continues to analyze how organizations are working to combat various IT risks. The report is based on a survey of IT pros concerning the IT risks they deal with on a daily basis, the processes and resources they have in place to address those risks, and how prepared they are for today’s cyber threats. Key findings presented in the report include:
of organizations have experienced security incidents, due mainly to malware and human errors.
of organizations had operational issues, which were most frequently caused by accidental, incorrect or malicious user activity.
of respondents had compliance issues, mostly due to their inability to provide proof of compliance or quickly find required data.
Our annual customer survey provides insight into how organizations improve their security and compliance processes, as well as the efficiency of their everyday IT operations, with Netwrix Auditor. It also offers valuable first-hand feedback about real-life use cases and the benefits companies get with the software.
of customers perform routine tasks faster.
of surveyed organizations maintain security policies more efficiently.
of respondents have simplified and accelerated preparation for IT compliance audits.
The Netwrix 2016 Cloud Security Report offers insight into how cloud challenges and benefits have evolved since 2015. We survey how cloud adoption has impacted cyber security, what poses the largest threat to data security in the cloud and whether organizations are ready to embrace the cloud fully.
of organizations use the cloud today, while in 2015, only 43% did.
of organizations are concerned about the security and privacy of data and systems in the cloud.
of organizations see their own employees as the biggest threat to data security in the cloud.
The 2016 Netwrix Visibility Report explores whether organizations have visibility into various elements of their IT infrastructures and whether visibility helps organizations to succeed in ensuring they have control over their IT environments and in mitigating various risks, including insider threats. The report also reveals how organizations worldwide perceive that the current state of visibility will change in the near future.
of technology users claim to have zero or partial visibility into their cloud and hybrid environments.
of respondents are either not aware or only partly aware of what is happening to their unstructured data and file storage.
of organizations do not have complete visibility into user, IT staff and third-party activity in their IT infrastructures.
The 2016 IT Risks Report unveils how IT changes influence various cyber risks and how well organizations are prepared to beat them. We explore current IT auditing tendencies, whether organizations have relevant IT controls and visibility into IT environments to mitigate cyber risks.
of organizations experienced security incidents that involved malicious activity.
of surveyed companies had operational issues caused by malicious, incorrect, and unauthorized IT changes.
of respondents had compliance issues due to lack of visibility into IT changes.
SIEM solutions are considered to be advanced mechanisms for improving security for any enterprise. At the same time, SIEM systems have certain limitations that make them inefficient without additional investments in technology and personnel, which in turn significantly increase the total cost of SIEM ownership.
Netwrix studied the opinions of IT pros who use SIEM solutions for security and IT infrastructure monitoring. The purpose of the survey was to find out what bothers IT pros the most about their existing SIEM solutions and what ways they see to leverage their SIEMs.
of companies want to reduce SIEM expenses.
of respondents say it's hard to find necessary data upon request in SIEM solution.
of IT pros strengthen their SIEM through integration with IT auditing solution.
A top-notch user experience has always been one of the main business goals for customer-driven companies. This survey was undertaken to gain a better insight into customer feedback, identify the most popular use cases and make sure that customers achieve positive results with Netwrix Auditor. Our goal to further improve our offer and meet customers’ needs and expectations.
of customers pass compliance audits faster.
of respondents are able to better maintain security policies.
of IT pros have significantly reduced time-consuming routine tasks.
Cloud technology is gaining increasing attention from businesses looking for technological innovations to optimize expenses and operations. The cloud offers modern businesses different advantages, such as scalability, global availability, streamlined operations, and reduced costs.
However, like any other immature technology, the cloud has flaws. The most common concern associated with the cloud is its security. We have decided to explore this problem to find out what IT professionals think of cloud adoption, how critical the security issue is for these professionals and how this issue impacts the entire decision-making process.
of surveyed IT pros indicated that data security is their number one concern associated with the technology.
of companies are afraid that migration to the cloud will increase risks of unauthorized access.
of enterprises perceive continuous auditing of cloud infrastructure as a very important part of security guarantees.
In light of the wave of data breaches affecting diverse companies we decided to continue researching into how companies deal with IT changes and initiated a second survey to find out how massive security breaches and violations of compliance standards have changed the organizations’ attitudes toward change management.
IT professionals answered questions about change management controls in their organizations and shared some insights about how these policies worked in the real world. The main question that intrigued us was whether companies became more proactive in achieving visibility into their IT infrastructures, and therefore became more successful in strengthening security and ensuring system uptime.
of surveyed IT pros stated they from time to time make undocumented changes, against 57% in 2014.
of enterprises have established change auditing processes to monitor their IT infrastructures, against 52% in 2014.
of small companies have started to track changes despite the lack of change management controls, against 30% last year.
Security has always been a hot topic, especially for large companies that solve this issue with deploying SIEM solutions, which is a bold step toward delivering visibility to cyber security posture. SIEM solutions allow you to look into security logs and gather information that helps manage user and service privileges, as well as identify and report on security threats and suspicious activity.
This survey was meant to find out how IT professionals are leveraging their SIEM to provide visibility across the entire IT infrastructure and how this helps them strengthen IT security.
of surveyed IT pros stated that they have encountered security violations of their IT infrastructures.
of SMBs make little effort to ensure security of their IT infrastructures and struggle to monitor changes.
of IT professionals admitted that deploying a SIEM solution didn’t prevent security incidents from happening.
Changes to critical IT systems are a daily part of any IT organization’s ability to meet the constant barrage of requests for improved, faster and more efficient services. Without any means to track what has changed, an IT organization has little ability to know what change was the root of a data breach or what caused a system to stop functioning properly.
The report provides an idea of how organizations today see the impact of changes made, the use of change auditing and the methods and processes intended to maintain security and system availability.
of surveyed IT pros have made changes that caused services to stop.
of IT professionals have made a change that was the root cause of a security breach.
of companies have little or no real ability to audit the changes made, revealing serious gaps in meeting security best practice or compliance objectives.