Ponemon 2017 Report: The Need for a New IT Security Architecture

February 22, 2017

It’s annual cybersecurity reporting season and first up in 2017 is the Ponemon Global Study, “The Need for a New IT Security Architecture” sponsored by Citrix.


The study reveals global trends in IT security risks and reasons why security practices and policies need to evolve in order to deal with threats from disruptive technologies, cybercrime and compliance. Changes in the workplace and problems managing IT security are also increasing risks to the organization.

This report surveyed more than 4000 global IT and security practitioners and discusses the findings that concern risks created by cybercrime, employee negligence and organizational dysfunction and the technologies respondents believe are most effective at dealing with these risks.

Outdated Security Solutions

Organizations are concerned they will not be able to manage emerging risks because of outdated security solutions.

  • 69 percent of respondents say their organization’s existing security solutions are outdated and inadequate.
  • What is needed, according to 74 percent of respondents, is a new IT security framework to improve security posture and reduce risk.
  • A new strategy is important in order to manage potential risks from the Internet of Things (75 percent of respondents).

Trends in IT Security Risk

The findings reveal that most risks, with the exception of globalization of the workforce, are very significant. The top cybercrime risks are:

  • Nation state attackers (80 percent of respondents)
  • Breaches involving high-value information such intellectual property and trade secrets (79 percent of respondents)
  • Malicious or criminal insiders (76 percent of respondents)
  • Cyber warfare or cyber terrorism (76 percent of respondents)

An Evolving Workplace

The workplace is changing and so are the human factor risks.

While 81 percent of respondents are concerned about the inability to hire and retain security staff with knowledge and credential, employee behaviors are creating risks that pose a significant risk.

  • Employee complacency about security (74 percent of respondents)
  • Lack of employee awareness of security practices (72 percent of respondents)
  • The inability to control employees’ devices and apps (71 percent of respondents)

Complexity and legacy drag is a familiar problem that leads to high cost and contributes to shortage of competent professionals. Complexity and outdated security architectures create risk and weaken security posture.

Complexity is a Security Risk

Complexity of business and IT operations is a significant security risk.

According to 83 percent of respondents, too much complexity is making organizations more vulnerable to security threats. Other trends are the growth of data assets (78 percent of respondents) and the process of integrating third parties into internal networks and applications.

Complexity is created in part by security vendors, who for decades have sold point solutions into IT environments with little thought to integration, maintenance and the cost of expertise to maintain their products.

Important Technologies for IT

Certain technologies are needed for a new IT security infrastructure.

Respondents believe their organizations’ IT security solutions are outdated and failing to mitigate the risks of cybercrime, employee behavior and organizational problems. The most important technologies are:

  • Identity & access management (78 percent of respondents)
  • Machine learning (77 percent of respondents)
  • Configuration & log management (76 percent of respondents)

An Architecture to Secure Identity in a Boundaryless Hybrid Environment

As reflected in the concerns of survey respondents, aging security infrastructure and point products create complexity, increase cost and risk and contribute to the critical security staff shortages.

New security architectures that protect digital identity of all users across boundaryless hybrid environments and myriad devices are required.


We know, according to Verizon's 2016 Data Breach Investigations Report, that the #1 cause of data breach is compromised user identity.

We know that eliminating multiple identities and passwords, combined with least-access least-privilege policy and multi-factor authentication (MFA) everywhere is one effective way to contain and prevent attackers from gaining access to critical resources.

What then are the critical elements of a new IT security architecture that protects all users and applications and improves productivity and security posture?

Hint: It’s not a collection of acquired company products Frankenstein’ed together in engineering, with marketing making it “appear” to be a platform.

  • A modern security architecture is purpose-built, based on a powerful vision to protect digital identity for all users across hybrid cloud and mobile environments.
  • It’s built on a single code-base, with API’s SDKS’s that support security industry standards and integrates with other technologies
  • It’s constantly evolving

Protect Cloud, on Premises Apps

Simplify and secure access to cloud, mobile and legacy apps like Office 365, Google for Work, Dropbox, ServiceNow, and SAP. Automate provisioning and single sign-on to get your users productive on day one.

Mac and Mobile Management

Empower your mobile workers, support bring your own device (BYOD) initiatives and provide secure access to cloud, mobile and on-premises apps.

MFA Everywhere

Prevent compromised credentials by implementing MFA across every user and every IT resource. Block cyberattacks at multiple points in the attack chain.

Internal and External Users

Ensure that your employees, contractors, partners and customers have secure access to the right resources, at the right time, for the right reason.

Privileged Access Security

Secure the modern enterprise by granting both internal and outsourced IT secure, privileged access to hybrid infrastructure. 

Secure Hybrid Cloud

Secure access to Infrastructure-as-a-Service (IaaS) management platforms like Amazon AWS as well as the IaaS virtual machines through role management and multi-factor authentication.

Regulatory Compliance

Centrify addresses the specific requirements of key industry and federal regulations with a unified identity platform that helps you control, audit and report on access to sensitive data while reducing complexity and keeping users productive. 

Big Data Security

Secure your complex Big Data environments with centralized identity management for better access control, privilege management and user-level auditing.

Learn how to rethink security with our new e-book, “Rethink Security: A Massive Paradigm Shift in the Age of Access.”

This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.