As new technologies like cloud computing, tablets and social media continue to push their way into organizations, one thing that is getting left behind is security, says a new survey.
It’s not that organizations aren’t investing in security – security budgets are up overall – but they lack the ability to tackle new and increasingly complex security threats, according to Ernst and Young’s 2011 Global Information Security Survey. The survey interviewed 1,700 IT and security executives across various industries in more than 50 countries.
While 59 percent of respondents plan to increase their IT security budgets in the next year, 49 percent said their information security is not meeting the needs of the organization.
The main threats are some of the newest technologies being implemented by organizations – mobile, cloud computing and social media. With 61 percent of respondents saying they are currently using or considering cloud computing services within the next year, 52 percent said their organizations have not implemented security to mitigate new risks related to cloud computing. Yet 90 percent said they believe external certifications would increase their trust in cloud computing.
Some of the new risks and challenges brought about by cloud computing including new compliance and privacy concerns; information security and data integrity; governance, risk management and assurance; and regulatory impacts.
“In the absence of clear guidance, many organizations seem to be making ill-informed decisions, either moving to the cloud prematurely and without appropriately considering the associated risk, or avoiding it altogether,” the reported stated. “Although many organizations have moved to the cloud, many have done so reluctantly.”
An estimated 80 percent of organizations currently use or are considering using mobile devices like tablets and smartphones. Mobile devices represent the second highest challenge for organizations after cloud computing, with more than half of respondents saying it is a difficult or very difficult challenge. Encryption techniques are used by only 47 percent of the organizations and 66 percent said they have not implemented data loss prevention (DLP) tools.
As more companies utilize social networking, it can also lead to decreased productivity and increased risk. The study found confidential company information can be leaked, or inappropriate content exposes companies to risks such as non-compliance, data loss, and legal issues.
In response, 53 percent of respondents say their organization blocks access to sites rather than embracing the change and adopting enterprise-wide measures. Rather than protecting information, this can be a hindrance to marketing and other communications efforts, the report states.