Sharing the results of the 14th edition of the Ernst & Young Global Information Security Survey
IT Nation 2.0
Despite the impact of the credit crunch and the current market conditions, smart investments in Information Security are increasingly important for Luxembourg companies as is for the rest of the world. The increased media attention on data security breaches and the ongoing focus from the financial regulators on whether companies are effectively protecting their customers’ personal information are few examples of the motivations for Luxembourg entities to include IT security on their agendas.
The added attention is a consequence of increasing risks based on the different ways in which organizations interact with their people and with other organizations are changing at an unprecedented rate. Through mobile computing and new technologies like cloud computing and social media, the connections and flow of information now reach far beyond the walls of the conventional office. The result is that the traditional boundaries of an organization are vanishing and current information security paradigms are moving towards a new concept, often referred to as I-Security
The appeal of this “mobile”, “virtual”, “distributed”, “shared”, “outsourced” world is seductive and reasons are countless and legitimate such as flexibility, rationalization of infrastructure, server consolidation, reducing energy consumption, faster technology, transfer costs and responsibility. And according to the preliminary results of the 14th edition of the Ernst & Young Global Information Security Survey (GISS) 2011, one of the longest running annual surveys of its kind, while Luxembourg entities might be slightly behind in the implementation of these new technologies, they are fully in line with the current global trends in trying to utilize the advantages proposed by the evolving technologies.
The 2011 GISS was conducted during the summer of 2011 amongst the Luxembourg companies, both belonging to the financial and the industry sectors. The survey was categorized into four sections: investment & challenges, threats & risks, tools & technology, and governance & controls. As companies take advantage of these innovative "lighter-weight" services and social media based technologies, they were confronted with new I-Security challenges. How can your company protect your company's data when in it resides outside your four walls or borders? What security controls are still effective and what needs to change?
According to the preliminary results, two important aspects emerged:
- The adoption and implementation of new technologies were often faster than understanding and responding to risks and security issues associated with it (i.e. partial or total loss of visibility on the location and management data, and methods and procedures for access to information).
- Regulatory and legal issues are still priorities in this changing and borderless world: the importance to enforce regulatory compliance and best practices in security and data protection has been underlined by almost all the participants.
In order to present all the outcomes with Luxembourg perspective, Ernst & Young is organizing an event at its premises on November, the 15th 2011 aimed at showing final results of the GISS and underlining how Luxembourg companies are responding to the new critical risks coming from the current IT changing world. The event will be addressed to all the survey participants and will include a presentation on the topic by of the one of the largest actors in the market. This event will represent an important occasion to share ideas and questions on what Information Security really means for Luxembourg and which are the next coming steps to address this new “I-Security age”.
By Piet-Hein Prince, Director, IT Risk and Assurance, Ernst & Young, Luxembourg
Maxime Brière, Manager, IT Risk and Assurance, Ernst & Young, Luxembourg
Posted on 16 February 2012