EMC Corporation (NYSE: EMC) has revealed a wave of fresh insights about the IT strategies and infrastructures deployed within companies and governments throughout the world. Most notably, a startling lack of senior executive confidence permeates organisations globally, specifically concerning readiness around the critical IT requirements of continuous availability, advanced security, and integrated backup and recovery. Reduced investment in these critical areas threatens the ability of IT infrastructures to withstand and quickly recover from disruptive incidents such as unplanned downtime, security breaches and data loss, and underscores the need to adopt progressive strategies to achieve Trusted IT infrastructures.
View complete survey details here.
The Global IT Trust Curve survey, spanning 3 200 interviews across 16 countries and 10 industry sectors, also quantified wide-ranging geographic and industry variations. China received the top maturity ranking: Chinese IT decision-makers reported implementing the highest concentration of sophisticated continuous availability, advanced security, and integrated backup and recovery technologies. The United States ranked second in maturity on the IT Trust Curve. Underscoring swift and aggressive technology investments to solidify their world influence, three of the four most mature countries - China, South Africa and Brazil - are BRICS nations. Japan ranked last on the IT Trust Curve in the 16-nation survey.
David Goulden, EMC President and Chief Operating Officer, said: "The four big mega-trends in information technology today are cloud computing, big data, social networking and mobile devices. Adoption and maturity of these trends must float upon a sea of trust - trust that my information is secure in the cloud; trust that my data won't be lost or stolen; trust that my IT will be operational when it needs to be - which, these days, is all the time. The more trust that can be earned and guaranteed, the bigger and faster the impact of these trends. Conversely, the less trust that is established, the more limited these trends will be. Where countries fall on the IT Trust maturity curve could affect their overall ability to compete."
Chief among the findings are:
* Lower levels of maturity permeate the globe:
* More than half (57%) of all respondents fall into the lower maturity categories, while only 8% place in the Leader category.
* The higher organisations land on the maturity curve, the more likely they are to have already implemented more strategic and leading-edge technology projects such as big data analytics.
* Lack of confidence in technology infrastructure:
* Nearly half (45%) of all respondents globally report that their senior executives are not confident that their organisations have adequate availability, security, and backup and recovery capabilities. In South Africa, this number is also 45%.
* When asked about executive confidence levels, the percentage of all respondents within each maturity level who said their senior executives are confident that their organisations have adequate availability, security, and backup and recovery are: Laggard (39%), Evaluator (51%), Adopter (65%) and Leader (81%). Within South Africa, the percentages who report their senior teams are confident are: Laggard (33%), Evaluator (51%), Adopter (52%) and Leader (85%).
* Japan has the smallest percentage of respondents (31%) reporting that their senior teams have confidence in these key aspects of IT; Germany has the highest percentage (66%).
* Nineteen percent (nearly one in five) of respondents worldwide cite an overall lack of trust in their technology infrastructure. In South Africa, this number decreases to 15%.
* Significant disparity exists between how IT and business leaders perceive improvements:
* While, globally, 70% of IT decision-makers consider the IT department to be the motivation/drive for future resilient and secure IT infrastructure, the number drops to 50% for business decisions-makers when asked the same question. The split within South Africa is 75% of IT decision-makers and 56% of business decision-makers.
* A similar perception gap extends in key disciplines such as security. While, overall, 23% of respondents globally reported being victims of a security breach in the past 12 months, this was 27% of IT decision-makers compared to only 19% of business decision-makers, indicating they are not aware of all technology incidents that impact the business. The overall average of 23% compares to 9% of all respondents within South Africa reporting being victims of a security breach - the lowest of any surveyed country.
* Organisations with higher levels of maturity avoid - and recover more quickly from - disruptive incidents... and with reduced consequence. For example, globally:
* Fifty-three percent of organisations in the Leader segment of the IT Trust Curve reported data recovery time measured in minutes or less for their most mission-critical applications. The percentage drops to 28% across all maturity tiers.
* Seventy-six percent of companies in the Leader segment believe they are able to recover 100% of their lost data in every instance versus only 44% in the Laggard segment.
* Overall, organisations in the lowest maturity segment (Laggard) lost one-and-a-half times more money over the last 12 months as a result of downtime than those in the highest maturity segment (Leader).
* Security breaches were the most costly events suffered by respondents globally, who reported an average financial loss over the last 12 months of $860 273 due to breaches, followed by $585 892 and $494 037, respectively, for data loss and downtime. In South Africa, the averages were $139 722 for security breaches, $420 435 for data loss and $177 816 for downtime - among the lowest responses from the surveyed countries.
* Widespread unplanned downtime, security breaches and data loss:
* Sixty-one percent of all respondents' companies have suffered at least one of the following incidents: unplanned downtime (37%), security breach (23%) or data loss (29%) in the last 12 months. In South Africa, the percentages change to: unplanned downtime (48%), security breach (9%) and data loss (25%) in the last 12 months, with 62% experiencing at least one of these.
* Top four consequences globally across organisations experiencing at least one of the above incidents within the last 12 months were loss of employee productivity (45%), loss of revenue (39%), loss of customer confidence/loyalty (32%) and loss of incremental business opportunity (27%). Within South Africa, the results change to the following: loss of employee productivity (59%), loss of revenue (53%), loss of customer confidence/loyalty (44%), and delay in product/service development (43%).
* Budget constraints (52%) reigned globally as the number one obstacle to implementing continuous availability, advanced security, and integrated backup and recovery solutions. Resources and/or workload constraints (35%), poor planning (33%) and knowledge and skills (32%) rounded out the top four overall. China was the only country that did not report budget as the number one obstacle, instead citing resources and/or workload constraints (50%). Within South Africa, the top constraints are: budget (57%), resources and/or workload constraints (43%), planning and anticipation (31%), and knowledge and skills (29%).
* Top security concerns identified across all respondents were third-party application access (43%) and protection of intellectual property (42%), pointing to the need for more advanced technology and intelligence-driven models:
* There remains a heavy reliance on "prevention-oriented" security tools, with more than 80% of all respondents using anti-virus and firewalls as the two most popular security solutions.
* Just 18% worldwide have adopted security information and event management (SIEM) and even fewer, 11%, have adopted governance, risk and compliance (GRC) solutions, which provide the necessary monitoring and response capabilities needed to defend against more advanced threats.
* Highly-regulated industries throughout the world displayed proportionally higher maturity levels:
* In addition to the IT and technology (#3) industries, the remaining top five most mature industries globally are the highly-regulated financial services (#1), life sciences (#2), healthcare (#4) and public sector (#5) industries.
Executive and analyst quotes
Irina Simmons, Chief Risk Officer, EMC
"Most IT practitioners do everything within their power and control to protect the enterprise. Where breakdowns can occur is in communicating up to business leaders, executives, boards and audit committees. We hear it from boards all the time. Practitioners need to be able to demonstrate to leadership that they have a governance process whereby they can adequately instil confidence that risks are being addressed in line with the organisation's overall risk appetite and profile. Success against a particular threat is not just an accident or good luck, but the result of a solid process that continually monitors and addresses new risks and threats to the enterprise."
Dave Martin, Chief Security Officer, EMC
"The time has come for the industry to double down. It's impossible to deliver advanced security if we lack foundational maturity. Without a predictable environment, or understanding of where our assets are, or an ability to pick up on nuances and detect behavioural anomalies, we will be unable to defend the organisation. That baseline of foundational maturity is an absolute enabler of effective security and establishing overall trust."
Christian Christiansen, Program Vice-President for IDC's Security Products and Services Group.
"Among the many powerful insights that flow from this global study, the rampant lack of senior executive confidence stands out as both alarming and, unfortunately, a sign of the times. Nearly half of respondents say their senior management has zero confidence that their organisations are prepared with adequate availability, security, and backup and recovery. That one startling fact stands as a wake-up call for company boards to make the necessary investments to brace against both external and self-imposed disruptions and threats to their IT systems and data."
Additional resources
* View full survey results at the IT Trust Curve interactive microsite
* Video: Irina Simmons, Chief Risk Officer, EMC
* Video: Dave Martin, Chief Security Officer, EMC
* Reflections Blog: (insert Irina's blog title/link)
* Connect with EMC via Twitter, Facebook, YouTube and LinkedIn
Methodology
Survey data is the result of 3 200 interviews conducted by Vanson Bourne of 1 600 IT and 1 600 business decision-makers from the United States, the United Kingdom, Canada, Brazil, France, Germany, Italy, Spain, Russia, India, South Africa, Australia, Japan, China and the Nordic and Benelux regions. Respondents were employed at companies within 10 industry sectors, with 50% working for organisations with 100 to 1 000 employees and the other 50% at organisations with more than 1 000 employees.
To create the maturity curve, IT decision-makers were asked specific questions relating to IT infrastructure in each of the three pillar sections: continuous availability, advanced security and integrated backup and recovery. Within each section, respondents scored points for the sophistication of their organisations' existing technology, but not for anything in the planning stages. Each section was scored out of a total of 18 points and combined to give a total overall maturity score out of 54. This score was then multiplied by a scaling factor to normalise the curve and give a total score out of 100 points. Once scored, these IT decision-makers were divided into four even segments from a low to high score; Laggards (scoring 1-25), Evaluators (scoring 26-50), Adopters (scoring 51-75) and Leaders (scoring 76-100).
Please click here to view our inforgrpahic.
Share