When the Trustwave forensic investigators recently probed a data breach at a restaurant, they noticed a security product sitting unused. The owner explained that it was a firewall appliance he purchased a while back, but never learned how to set it up.
Unfortunately, the owner is not alone in this predicament. Too many businesses purchase security technologies only to realise they do not have the manpower, skills or time to ensure the solutions are properly installed, updated and working. As a result, the software turns into 'shelfware,' unused and collecting dust, further opening up the organisation to risk of an attack.
To document the extent of this problem, Trustwave has just published a new report called "Security on the Shelf." The survey is based on 172 IT professionals who work at SMBs and enterprises about security controls they have purchased, including those they have never used.
Some of the highlights include:
More money being spent on security: Organisations spent significantly more on security-related software, hardware and services in 2014 than they did in 2013.
Security sits on the shelf: Twenty-eight percent of organisations are not getting the full value out of their security-related software investments.
Not enough resources for security: The four most significant reasons for shelfware were all focused on insufficient IT staff resources: IT being too busy to implement the software properly, the department not having enough time to do so, there simply were not enough people available to help, or IT did not understand the software
No matter the size of the business, in-house IT professionals are often overwhelmed. The consequences of having inadequate resources are only compounded by having to cope with skilled attackers, sophisticated threats, massive data proliferation, continued worker mobility and the rise of internet-connected devices.
To both stay protected and ensure revenue-generating IT projects are getting done, many businesses are finding relief by partnering with a third-party team of experts whose sole responsibility is to manage their security.
Don't let your security investment go to waste on the shelf.
