he top security initiatives for European companies in 2014 will be data loss prevention, mobile and network-based security, and identity and access management, according to research by TechTarget and Computer Weekly.

According to a poll of more than 900 IT businesses across Europe, each of these will be implemented by around a third of companies.

However, the trends come as no surprise – the number of embarrassing high-profile data breaches continues to grow on a regular basis.

Close behind these initiatives are threat detection (27%), vulnerability management (26%) and virtualization security (24%).

UK trends

In the UK, mobile security is the top initiative by 40% of UK respondents, followed by identity and access management (38%) and network security (35%).

The UK also tracks higher than the European average on the question of implementing mobile security at 30% compared with 22% across the region.

The UK is also above the regional average when it comes to mobile device management at 40%, compared with 30%.

But overall these security priorities very closely track the top broad initiatives by European businesses for 2014 of mobility (36%), consolidation (34%) and virtualization (34%).

Changing priorities

It is interesting to note that compliance has dropped from top position (29%) in 2013 to eighth position at 17%, possibly indicating an effort to improve security in real terms instead of achieving compliance.

Security initiatives also track the most high-profile projects for 2014, topped by server virtualisation (51%), which is in line with the goals of maintaining (14%) or reducing (12%) IT spend.

Virtualization is followed by smartphones (40%), mobility (37%), backup for virtual servers (36%), network management and monitoring (36%), network-based security (35%), Identity and access management (33%), mobile endpoint security (32%), and data loss prevention (32%).

Although among the top projects for 2014, encryption and threat detection are relatively low down on the list, with just 28% of respondents planning projects in these areas.

Similarly, 27% of respondents said they would implement threat-detection initiatives in the coming year, with 24% for encryption.

While the security industry is moving to intelligence-led systems, investment in this area remains relatively low, with just 23% planning to implement security data-management analysis.

While attackers are moving up the software stack from operating systems to applications, companies appear to be slow in tracking this development with just 20% investing in application-based security.

And despite ongoing concerns about security in the cloud, just 21% of respondents said they plan to implement cloud security, compared with 31% predicting budget increases for cloud computing.

Implementing cloud technology

A quarter of respondents said their companies plan to implement private cloud initiatives in 2014, while 22% plan to invest in external cloud projects.

The relatively low investment in cloud security is inconsistent with the survey results, which reveal that protecting data loss is second only to regulatory compliance as a concern about cloud.

Few companies are planning to use cloud computing for security-related services, the survey revealed.

Just 20% of respondents plan to use cloud-based disaster recovery and business continuity services compared with 48% planning to use infrastructure services, followed by storage (39%).

Security as a service

Similarly, just 8% across Europe and 10% in the UK plan to use security as a service (SaaS), compared with 44% planning to use software as a service in Europe and 46% in the UK.

Interestingly, the proportion of companies that plan to use SaaS is down from 14% across Europe in 2013 and 16% in the UK.

With IT departments focusing on maintaining or reducing IT spend, helping the business automate and expand support to business, top projects for 2014 are in virtualization, mobility and network optimization.

Security priorities are based on those goals and projects, with a heavy emphasis on visualization and mobile security.

However, businesses cannot afford to ignore perennial cyber threats, so it comes as no surprise that data loss prevention, encryption, threat detection and vulnerability management are fairly high among IT security priorities for 2014.

Via: computerweekly