CDW Security Study: Why Are Automation and Zero-Trust Initiatives Lagging?

Rising cyberthreats are driving a need for security automation among Canadian organizations and security teams view automation as key to improving productivity and desired outcomes for their organizations.

New security architectures based on zero-trust principles and intelligence-based threat detection provide granular visibility into security events, but can also create a significant amount of alert overhead for security teams, says CDW Canada’s Chief Technologist, Cybersecurity, Ivo Wiens.

“Many Canadian organizations have turned to security automation to enable high-fidelity detection and faster incident response and security agility,” he says.  

For 63 percent of Canadian organizations, rising cyberattacks are a leading driver of security automation. A total of 59 percent see automation as a way to improve security staff efficiency. According to Wiens, automation use cases such as alert aggregation, enrichment and prioritization can significantly improve efficiency for Tier 1 and Tier 2 security operations centre (SOC) analysts, which frees up time for high-value activities like investigations and threat hunting.

Canadian organizations face several challenges as they seek to modernize their IT security. Budgetary constraints remain the largest hurdle, followed by lack of necessary tools for automation. Wiens says organizations must also strive to create a strategic plan for security modernization and commit to continuous improvement through automation and modernization. By doing so, they are likely to see quantifiable improvements to their security posture – and their ability to combat the growing threat of cyberattacks.

Zero trust in IT and cybersecurity is a philosophy that assumes internal and external threats are always present. It dictates how organizations should approach their IT security postures and the investment they need to make to effectively defend against threats. Zero-trust principles also help to define frameworks for IT security modernization and automation.

While recognizing that zero-trust architectures are essential in an era of hybrid work, CDW’s Security Study reveals Canadian organizations tend to overlook an important zero-trust principle – the assumption of breach and verification of any data and resource request.  

“Zero-trust architectures are essential in the era of hybrid work and are rapidly gaining traction as the threat landscape evolves, which is a positive finding,” Wiens says. “Finally, zero trust is moving from the shadows to the foreground. However, the growth of hybrid workforces has expanded potential attack surfaces.”

He adds that Canadian organizations made significant investments in digital transformation initiatives in recent years and many had rapidly expanded these efforts during the pandemic.

“Cloud services are ideal for business continuity and operational efficiency, supporting business innovation, hybrid work and increased mobility,” Wiens says. “However, perimeter-based security architectures are limited in their ability to protect critical systems from cyberattack when users, data, devices and services are spread across multiple locations. That is why the security principles of zero trust have rapidly gained traction.”

Rising cyberattacks are a grave concern for Canadian organizations and a top driver of adoption of zero-trust architectures. The CDW Security Study shows reducing the number of security incidents is a top benefit that 71 percent of Canadian organizations sought to realize through zero-trust initiatives. A total of 66 percent said they believe zero-trust security architectures will make their organizations digitally resilient, while 61 percent said they believe it will make remote work more secure.

Even though Canadian organizations seem to understand the benefits of zero-trust architectures, execution is often heavily skewed in favor of identity and access management (IAM) rather than detection and response. The CDW Security Study shows:

• 66 percent of Canadian organizations have implemented network connections that are identity, context and device aware
• 58 percent have a policy for data classification, loss prevention and encryption
• 54 percent grant access to IT resources based on the principles of least privilege

But Canadian organizations fall short when it comes to monitoring data, assets, applications and services for threat detection. Only 30 percent of respondents say their organizations have a policy for threat monitoring.

“Canadian organizations are investing more heavily in identity and access management than in threat detection and response tools,” Wiens says. “While IAM is an important component of zero trust, threat detection and response tools are also critical for ensuring security in the cloud.”

CDW’s 2023 Canadian Cybersecurity Study was authored by IDC Canada and is based on an independent survey of more than 550 IT security and risk & compliance professionals across six industries. The resulting study assesses the cybersecurity challenges of their organizations, what were their greatest concerns regarding cyberthreats and identifies the security tools and strategies they use and are adopting.

The study provides comprehensive analysis and offers insightful recommendations by IDC’s security experts for how Canadian organizations can minimize risks and improve their cybersecurity defences and responses.