Effective cybersecurity is a highly mobile target, which makes threat information highly valuable for IT professions as they plan for which safeguards to implement. As eWeek columnist Robert Lemos recently noted, it can also serve as a justification for increases in data security spending. However, a recent survey found that the majority (80 percent) of organizations rely solely on the annual reports published by security vendors.

These reports have two primary shortcomings. The first is that annual data is of limited effectiveness in a threat ecosystem that can change by the week. The second, according to Lemos, is that not all of the information presented in these reports is useful to technical staff. In particular, survey respondents expressed frustration over the lack of guidance for securing financial resources for their data security deployments.

Strained budgets and the lack of available guidance suggest affordable solutions such as data encryption software may be an effective way for improving a company's security posture. Particularly as the bring-your-own-device trend - which was recognized as the top data security threat for 2013 - gains traction, companies will likely benefit most from solutions that are not reliant on hardware.

"While companies gain productivity and lower costs when employees use their own information devices, they lack the security controls typically enforced on internal devices," Lemos wrote, expanding on the threat posed by BYOD. "In addition, distributed denial-of-service attacks are increasingly being used to mask other aspects of an attack."

Moving beyond compliance
Compliance often serves as the primary justification for IT spending increases, and it has emerged as a top priority as North American businesses plan for the next year. According to a TechTarget survey of 382 IT professionals, compliance concerns came in ahead of both mobile and the cloud.

Many regulatory mandates, such as those in the Health Insurance Portability and Accountability Act, require the use of data encryption software for sensitive information. Ben Cole, associate editor for TechTarget, highlighted some of the challenges associated with meeting compliance requirements. One pain point is that there are numerous mandates and a given organization is likely subject to multiple regulations. For this reason, it is crucial to develop a compliance strategy that outlines current practices and aims to fix potential data security gaps before a breach happens.