|
By Mark Henricks
The top threats to organizational information security come
from the cloud, mobile devices and, to a lesser extent, social networking,
according to a global survey of senior executives. The poll, Borderless
security: Ernst & Young’s 2010 Global Information Security Survey,
questioned nearly 1,600 senior executives in 56 countries and found 60 percent
perceive increased risk from use of cloud computing services, personal mobile
devices at work and employee activity on social networks.
Nearly two-thirds (64 percent) of respondents said data
protection was one of the top challenges generated by these technologies. Most
(52 percent) said the use of personal devices was the main source of data
leakage. Another majority (53 percent) opinion held that workforce mobility had
created a considerable challenge to information security.
One of the most widely held viewpoints was that employee
awareness of security posed a significant challenge. More than nine of 10 (92
percent) expressed this viewpoint.
“Most organizations recognize the increased risks associated
with mobile computing and are taking steps to address these issues,” according
to Bernie Wedge, Americas Information Technology Risk and Assurance practice
leader at Ernst & Young. “They are making policy adjustments, increasing
security awareness actvities and employee training, as well as implementing
encryption techniques and identity and access management controls.”
Wedge also noted that change was being propelled by the
trend toward accessing corporate data using mobile devices and those maintained
and accessed by customers, vendors or other business partners. “Therefore, companies
must think about security beyond their employees, data centers and firewalls,”
he said.
Sixty-two percent of respondents said business continuity
plans were among the top five priorities this year. And half plan to increase
spending on data leakage and data loss prevention efforts over the next year.
Budget pressures, however, are leading many to look externally for efficient
solutions.
That road leads to the cloud for 45 percent of
organizations. That’s the percentage that are using, evaluating or planning to
employ cloud computing services within the next 12 months. The move to the
cloud comes despite a perception of security risk associated with that track.
Fifty-two percent said data leakages were the largest risk with the cloud.
Another 39 percent listed lost visibility of company data as a concern.
An overwhelming majority (85 percent) indicated that
external certification of cloud service providers would help them to evaluate
security controls and increase the level of trust in the cloud.
Social media was considered a sizable information security
challenge by just a third. And only 10 percent said examining new and emerging
IT trends was a very important information security function.
In one interesting trend, respondents indicated the focus in
information security is shifting from a technology-only approach to a
technology and people approach. “The combination of more mobility, increased
social access to information and outsourcing to the cloud requires a change in
traditional information security paradigms,” said Jose Granado, Ernst &
Young Americas practice leader for information security services.
Only registered users can write comments.
Please login or register. |
