Though organizations are increasing spending to protect data, many still feel pressured to reduce IT expenditures in other areas, leading them to look externally for efficient solutions, according to a new survey.
Despite an unproven track record, 45 percent of organizations are currently using, evaluating or planning to use cloud computing services within the next 12 months. The risks associated with cloud computing include data leakage, with 52 percent identifying it as the largest associated risk, followed by 39 percent who cite the lost visibility of company data as an increased risk of cloud-based solutions.
However, most respondents (85 percent) indicate that external certification of cloud service providers would help to evaluate security controls and increase trust.
Evidence also suggests that few organizations have fully assessed the risks associated with social networking. Just one-third report that social media presents a considerable information security challenge and only 10 percent say examining new and emerging IT trends is a very important information security function.
The focus in information security is shifting from a technology-only approach to a technology and people approach, as information security becomes an expanded function of which all employees are aware of and have a responsibility to adhere to. Without clearly defined and communicated security policies on the use of new technology, organizations' exposure to risk will increase.
Comment from Jose Granado, Ernst & Young LLP's Americas practice leader for Information Security Services: The combination of more mobility, increased social access to information and outsourcing to the cloud requires a change in traditional information security paradigms. The 'outsiders are now the insiders,' meaning people and organizations outside the borders of the traditional corporate environment play a role in helping to achieve information security objectives, but can also pose a risk to protecting your information. A comprehensive IT risk management program must focus on people, processes and technology to address information throughout its life cycle, wherever it resides.
About the survey: Ernst & Young's 2010 Global Information Security Survey was conducted between June and August 2010. Nearly 1,600 organizations in 56 countries and across all major industries participated.
Contact: The full report is available here.
No comments:
Post a Comment