We would like to start with a quote from a security report based on research of 110 companies from industries including financial services, the government, and IT. The quote is quite long but really interesting:
More than two-thirds of IT security resources remain allocated to protecting the network layer, while less than one-third of the staff and budget resources were allocated to protecting core infrastructure such as databases and applications.
When comparing the potential damage caused by breaches, most enterprises believed that a database breach would be the most severe.
Nearly 66 percent of respondents said they apply a security inside out strategy, whereas 35 percent base their strategy on endpoint protection.
Even with this fundamental belief in strategy, spending does not truly align as more than 67 percent of IT security resources—including budget and staff time—remain allocated to protecting the network layer and less than 23 percent of resources were allocated...