Ask most people working in the enterprise IT security sphere what they would wish for and the majority will jump down your throat in a mad rush to call for a bigger budget. My elderly mother continues to warn about be careful what you wish for, and I’ve never quite really understood what she means. I doubt very much, to be honest, that she had IT security budgets in mind at any time during the last 80 years but perhaps she should have done. New research would seem to confirm something that I have often thrown out there, and that is the simple fact that money is not the be all and end all of data security. There, I’ve said it. Sorry.

At the risk of playing into the hands of the bean counters who would slash your budgets at the drop of a hat, the latest NetIQ survey reveals more than half (59 percent) of all IT budgets are currently allocated towards security yet some 70 percent of those asked admitted they had been hit by a security breach of some sort or other. Those IT security budgets are increasing year on year, with 77 percent confirming that budgets this year were higher than last. So what’s gone wrong?

Malware accounted for 76 percent of data security incidents, with external data theft not far behind on 74 percent and insider data theft much the same with 72 percent. When asked what the most difficult challenges were in the data security defence game, 64 percent of those asked said ‘lack of time’ to properly monitor the increasing amount of data involved, while 55 percent were worried about managing data in the cloud and 54 percent equally worried about virtualised environments in general. Bizarrely though, 44 percent of survey respondents also claimed that the IT security solutions in place today were much better than those of five years ago despite the number of breaches still being extremely high.

While Jay Roxe, Solution Marketing Director with NetIQ, opts to point out that organisations should be able to “monitor activity across multiple environments, proactively identify and mitigate security threats in real time and allow for meaningful data analysis so that proactive controls can be implemented” in order for security teams to better make use of their time and resources, I have a slightly less complex take on the matter. Throwing money at data security is not a silver bullet solution, you need to step back, re-evaluate the needs of the enterprise holistically and, perhaps most importantly, invest your time into educating users and management alike about data security best practises. Simples.