New Technologies; Security Playing Catch Up

Friday, February 25, 2011 @ 05:02 PM gHale

Technology is evolving at break neck speed and that is creating a security nightmare for IT departments across the globe, according to a new study.

Just look at where mobile technology, social media and cloud computing stand today compared to even one year ago.

That is why there is an increasing pressure to provide even more services to organizations to protect not just the organization’s systems and data, but also its reputation, its end-users, and its customers, according to the 2011 (ISC)² Global Information Security Workforce Study (GISWS) conducted by industry analysts Frost & Sullivan. The problem is the workers that should take care of these issues are not prepared, according to the study.

“The information security profession could be on a dangerous course, where information security professionals are engulfed in their current job duties and responsibilities, leaving them ill-prepared for the major changes ahead, and potentially endangering the organizations they secure,” a summary of the findings states.

The survey polled more than 10,000 information security professionals worldwide and found more than half, 51 percent, of all organizations allow end users to access Facebook at work. Even more, 63 percent, had access to LinkedIn.

“Unfortunately, many information security professionals still appear to believe that social media is a personal platform and are doing little to manage the threats associated with it,” the study’s author writes. “Frost & Sullivan was disappointed to see that 28 percent of information security professionals worldwide reported having no organizational restrictions on the use of social media. EMEA was even higher, with 31 percent of respondents reporting they had no restrictions on the use of social media.”

Among those polled, most said application vulnerabilities represent the number one threat to organizations. More than 20 percent of information security professionals reported involvement in software development. Mobile devices were the second highest security concern for the organization. One-third of respondents did not have a formal policy in place for unmanaged mobile devices. However, most did use a variety of technological tools to protect mobile devices, including encryption, network access control and mobile virtual private networks.

The adoption of cloud computing is also posing a threat, the survey finds. Among respondents, 73 percent said cloud computing requires new skills for security professionals. When asked what new skills would be required for cloud computing, half of the participants identified contract negotiation skills as one of their top three requirements. This selection trailed the desire to develop a detailed understanding of cloud computing chosen by 93 percent, as well as the desire for enhanced technical knowledge chosen by 81 percent of participants.

“A clear skills gap exists that jeopardizes professionals’ ability to protect organizations in the near future,” according to the survey’s summary. “This is not to say the industry is doomed. If the projected growth in number of information security professionals and concurrent increases in training continue, these risks can be reduced.”

Leave a Reply

You must be logged in to post a comment.