Technology Push Puts Security on Back Burner

Friday, November 4, 2011 @ 03:11 PM gHale


It is no secret among security professionals that security needs to intertwine with new technology from the get go. But organizations are rushing to adopt new technologies including cloud computing, tablets and social media, and are leaving security as an after-thought, a new survey said.

Despite increased security budgets, organizations still lack the ability to tackle new and increasingly complex security threats, according to Ernst & Young’s 14th 2011 Global Information Security, which includes responses from 1,700 organizations.

RELATED STORIES
DHS: Critical Infrastructure Under Attack
Attackers Winning Security Battle
Survey: In Age of Attack, Providers Less Aware
Cyber Report: Chemical Industry Under Attack

While it’s good news 59 percent of respondents plan to increase their information security budgets in the coming 12 months, only 51 percent of respondents said they have a documented information security strategy in place.

Additionally, 35 percent of respondents said security budgets would remain the same over the next year, and 6 percent said information security budgets would decrease.

As information security budgets as a percentage of overall IT spend have increased over the years, budget increases alone don’t appear to be solving many of the problems organizations face when it comes to security.

When asked if the information security function is meeting the needs of their organization, 49 percent of respondents answered “yes”. For those who answered “No”, 17 percent cited budget constraints as the reason why. Other reasons cited included lack of skilled resources (13%) and lack of executive support (9%).

While 72% of respondents are seeing an increasing level of risk coming from increased external threats, only about a third of respondents have updated their information security strategy in the past 12 months.

With 80% of organizations currently using or considering using tablets, the adoption of tablets and smartphones ranked second-highest on the list of technology challenges perceived as most significant, with more than half of respondents listing it as a difficult or very difficult challenge.

Policy adjustments and awareness programs are the top two measures used to address risks posed new mobile technology. The adoption of security techniques and software, however, is still low. For instance, encryption techniques are used by fewer than half (47%) of the organizations. In another interesting note, 66% of respondents said they have not implemented data loss prevention (DLP) tools.

“Data is everywhere. Confronted with diminishing borders, cloud services and business models in the cloud, companies are asking themselves how to respond to new and emerging risks and whether their strategy needs to be revisited,” said Paul van Kessel, Ernst & Young Global IT Risk and Assurance Leader. “The focus must move from short-term fixes to a more holistic approach integrated with long-range strategic corporate goals.”

Despite 61 percent of respondents saying they were currently using or considering the use of cloud computing services within the next year, many organizations are still unclear of the implications of cloud and are increasing their efforts to better understand the impact and the risks. In 2011, 48% of respondents listed the implementation of cloud computing as a difficult or very difficult challenge, and more than half have not implemented any controls to mitigate the risks associated with cloud computing. The most frequent measure is stronger oversight on the contract management process with cloud providers, but even this occurs with 20% of respondents.

“In the absence of clear guidance, many organizations seem to be making ill-informed decisions, either moving to the cloud prematurely and without appropriately considering the associated risk, or avoiding it altogether. Although many organizations have moved to the cloud, many have done so reluctantly.”

Social networking is becoming an essential component of business. From online marketing to supporting clients and interacting with prospective customers, social networking is a valuable tool for businesses small and large. While social media brings benefits to an organization, it can also lead to decreased productivity and increased risk, with confidential company information leaking, or inappropriate content exposing companies to risks such as non-compliance, data loss, and legal issues.

To help address potential risks posed by social media, organizations seem to be adapting a strict policy measures as a response, with more than half (53%) saying their organization blocks access to sites rather than embracing the change and adopting enterprise-wide measures. However, these strict security measures and outright blocking of social media can be a hindrance to marketing efforts and other communications efforts and putting organizations at disadvantage.



Leave a Reply

You must be logged in to post a comment.