Last week, I attended the Ernst & Young media roundtable to hear the results of its 2010 Global Information Security Survey (GISS). The survey includes responses from participants in 1,598 organizations in 56 countries across all major industries.
With the increase in the use of external service providers and the adoption of new technologies such as cloud computing, social networking and Web 2.0, companies are increasingly exposed to data breach threats. In fact, 60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise. And according to the survey, companies are taking a proactive stance as 46% indicated that their annual investment in information security is increasing. Though IT professionals are trying, not all are succeeding in keeping up with new tech threats.
“I’ve never seen this kind of shift in IT before,” said Jose Granado, the America’s practice leader for information security services within Ernst & Young. “Security professionals are trying to keep up with the pace, but aren’t really doing a great job. The have limited resources and a limited budget.”
A concern for IT professionals is mobile computing. Demands of the mobile workforce are driving changes to the way organizations support and protect the flow of information. In fact, 53% of respondents indicated that increased workforce mobility is a significant or considerable challenge to effectively delivering their information security initiatives. Aside from investing more on data loss prevention technologies, 39% of respondents are making policy adjustments to address the potential new or increased risks.
“You have to implement realistic policies,” said Chip Tsantes, principal within the financial services division of Ernst & Young. “They need to be liveable and workable, or else people will go around them. You can’t simply ban things.”
Another major concern for IT pros is the gaining popularity of cloud computing. Both Granado and Tsantes were shocked to learn that 45% of respondents (primarily those on the non-financial services side) are currently using, evaluating or are planning to use cloud computing services within the next 12 months.
“From the standpoint of a traditional IT security professional, endorsing or supporting a cloud environment is counter-intuitive,” said Granado. “How do I know where my data is and how do I know it is protected?”
So how do companies increase their confidence in cloud computing? According to the survey, 85% say that external certification would increase their trust.
So I asked Granado and Tsantes if they could tell me when they believed there would be a universal set of standards for cloud computing providers. Granado feels there is a two-to-three year timeline in regards to having something solidified. He says businesses are going to drive it; If businesses continue to push, “cloud providers would have to follow.” With more and more sensitive data calling the cloud home, let’s hope Granada is being conservative with his estimate.
