A new survey from Chicago-based managed security service provider (MSSP) Trustwave revealed that IT security software is being "left on the shelf" in some organizations.

The survey of 172 IT professionals showed that 28 percent of respondents said they believed they were not getting full value out of their security-related software investments.

Trustwave also noted that organizations with 1,000 Internet users or fewer spent more than twice as much on IT security ($157 per user) than organizations with more than 1,000 Internet users ($73 per user).

Other Trustwave findings included:

  • Organizations spent more on security-related software in 2014 than they did in 2013 – $115 per user in 2014 versus $80 in 2013, representing a 44 percent year-over-year increase.
  • Of the $115 per user that organizations spent on security-related software in 2014, $33 of this investment was either underutilized or never used at all.
  • Thirty-five percent of respondents said one of the reasons that their security-related software "sat on the shelf" was that they believed their IT department was too busy to implement it properly. 33 percent also said they did not believe that their IT department had the necessary manpower to deploy this software properly.

"Businesses are managing more data than ever before and that data is flowing through all kinds of devices. With technologies like bring your own device (BYOD), more potential attack vectors are available to a criminal," Josh Shaul, Trustwave's vice president of product management, told Talkin' Cloud.

Cloud services providers (CSPs), however, can partner with enterprises and small and medium-sized businesses (SMBs) to ensure that these organizations are safe against malware, viruses and other cyber threats, according to Shaul.

Click here for Talkin' Cloud's Top 100 CSP list

Trustwave noted that the number of users served by cloud and/or managed security services is expected to increase by 43 percent in 2015, and Shaul pointed that CSPs can offer security services to help enterprises and SMBs protect their sensitive information at all times.

"Cloud services providers should look to offer security ideally as part of whatever services they are offering – if security can be baked in and always on, we all benefit," he said. "Another option is for cloud vendors to offer security as a premium add-on for their clients. Whichever approach the vendors choose to go to market, bundling the necessary security features and capabilities in with services delivered from the cloud is the only way we'll give organizations the confidence they need to move their sensitive workloads off-premise."

Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at dan.kobialka@penton.com.