By Michael Eggebrecht
A majority of chief information security officers at federal agencies are using Web 2.0 technologies in their organizations and are confident that they have effective security measures in place, according to a new survey. The CISOs’ use of the cloud, on the other hand, is much more limited, and there are a number of security concerns preventing increased adoption of the much-hyped computing model.
Of the 31 federal IT security officers surveyed, 62 percent said that they use social media as part of their mission delivery system, and 78 percent of those said that they have enforced security policies in place. The survey was conducted during the first quarter of the year by ISC2, a non-profit that offers education and certification programs for IT security professionals, in partnership with Cisco Systems and Garcia Strategies.
A couple of years ago, a similar survey from Cisco found deep concerns among CISOs about how the usage of sites like Facebook and YouTube could affect the security of their agencies, says David Graziano, operations director for security for the U.S. public sector at Cisco. Now, he says, they not only have policies in place, but they have the ability to enforce them.
There is a recognition of the power of social networking tools “as long as there is control over distributed usage among employees,” says the report. And the high rate of adoption likely reflects the Obama administration’s embrace of social media. The Marine Corps, for one, in March lifted its ban on social networking to let Marines in the field maintain communications with home.
While the CISOs also see potential benefits in the cloud, the security concerns are still too much of an obstacle for many. Seventy-two percent of the respondents said they don’t use cloud computing, due largely to security issues. Of those, 45 percent pointed to concerns about being able to replicate their security policies in the cloud, followed by issues surrounding data loss prevention (20.7 percent).
“People are being very cautious about it,” says Lynn McNulty, a consultant at ISC2. “If they’re looking at a cloud application then they’re looking around to find the least sensitive one, the lowest-risk one, in order to get their feet wet and get some experience in using cloud computing applications.”
As CISOs gain more experience with the public cloud, security continues to improve, and they are able to begin extending their security policies into the cloud, Cisco’s Graziano sees adoption heading in the direction that social media has taken over the past years. “But today it’s kind of a question mark.”
According to the survey, CISOs are largely happy with their jobs, with 63 percent saying that they are satisfied or very satisfied with their positions, which McNulty and Graziano attribute in part to the increased recognition of the importance of cybersecurity in federal agencies and the growth in the role and responsibilities of the CISOs.
“In the past there’s been a lot of frustration over resources and being ignored,” says McNulty. “I think that people feel pretty good about themselves and what they’re doing these days.” The CISO role is becoming more strategic and managerial in nature, adds Graziano.
As CISOs look to build their staff, 30.2 percent of new hires will come from converting contractors to government employees, according to the survey. Another 29.8 percent of jobs will be filled from within, said the IT security officers, while 28.9 percent will come from the private sector. The CISOs foresee 20.1 percent of their hiring activity coming from the federal Scholarship for Services program.
In terms of threats to IT security, 27 percent of the CISOs named exploitable software vulnerabilities as the most severe, followed by insiders (24 percent), foreign nation states (21 percent) and poorly trained users (12 percent).