What is the level of challenge related to effectively delivering your organization’s information security initiatives for each of the following?
Sixty percent of respondents perceived an increase in risks due to social networking, cloud computing and personal devices in the enterprise.
Summary: Survey respondents recognize the risks associated with current technology trends and are taking the necessary steps to protect their information. However, keeping pace with emerging threats and risks due to a more connected, virtual business environment is a challenge.
Our 2010 survey results are encouraging in that many organizations recognize the risks associated with current trends and new technologies such as:
Together, these changes are extending the enterprise — driving professional collaboration and personal interaction to new levels.
What is the level of challenge
related to effectively delivering your
organization’s information security
initiatives for each of the following?
These new technologies represent an opportunity for IT to deliver significant benefits to the organization and fulfill the initial promise — or hype — that many technologies have failed to live up to in the past.
New technology means new risk
However, new technology also means new risk, which hasn’t gone unnoticed by our survey participants.
It is in this changing and borderless environment that information security professionals must find a way to manage risks and protect their organizations’ most critical information assets.
Despite continued economic pressures, organizations are spending more to address information security challenges, including those related to delivering security in a borderless environment.
Forty-six percent of respondents indicated that their annual investment in information security is increasing.
Increasing investment alone will not guarantee protection.
Companies must also establish more comprehensive IT risk management programs that identify and address the risks associated with new and emerging technologies.
Our survey revealed that this is one area that most organizations could improve upon, as only 30% of respondents indicated that they have an IT risk management program in place that is capable of addressing the increasing risks related to the use of new technologies.
How we can help you create borderless security
In this report, we take a closer look at how organizations are specifically addressing their evolving information security needs in the changing, borderless environment.
We also examine potential opportunities for improvement and identify important short and long-term trends that will shape information security in the coming years.
- Establish a detailed IT risk management program that identifies and addresses the risks associated with new and emerging technologies
- Undertake a risk assessment exercise to identify potential exposure and put in place appropriate risk based responses
- Take an information-centric view of security, which is better aligned with the organization’s business and information flows
- Increase the investment in data leakage prevention technologies, encryption, and identity and access management services — focusing on the people who use the technology
- Gain an understanding of the risks created by the use of new technologies — including technologies adopted personally by employees that may be used for business purposes
- Information security policies should be reviewed and adjusted appropriately to establish the acceptable use and any specific restrictions related to mobile computing devices
- Increase security awareness training activities for the mobile workforce
- Push enterprise security out to end-point devices to protect critical business information and provide better alignment with the organization’s risk profile
- Assess the legal, organizational and technological risks as well as the security issues related to placing information into the public cloud
- Develop a company strategy, a governance model and an operational approach to cloud computing use, including the information security function to help define policies and guidelines
- Set standards and minimum requirements to enable your organization to adopt cloud computing in as secure a manner as possible Social media
- Provide the online communities and social collaboration tools that the new workforce expects, but do so with a view that aligns enterprise requirements with personal responsibility to protect sensitive business information
- Raise security awareness and personal responsibility to levels that have not been achieved before
- Inform every member of the organization on the risks and issues related to social media