Borderless security 'a big challenge'
Information security systems must expand and adapt to meet the demands of the enterprise in an evolving borderless world, according to a global information security survey by Ernst & Young (E&Y).
Companies and Information security leaders are facing a changing business environment, where traditional enterprise boundaries are quickly evaporating, said the survey, which covered nearly 1,600 respondents from 56 countries, including from the Middle East.
It is also an environment driven by an increase in workforce mobility, greater adoption of cloud computing services and a growing use of social media and collaborations tools within the enterprise, the E&Y said in its 13th annual global information security survey.
A significant increase in use of external service providers and business adoption of new technologies such as cloud computing, social networking and Web 2.0 is recognized to increase risk for 60 per cent of respondents.
Yet, in spite of this, less than half (46 per cent) intend to increase their annual investment in information security, the study added.
Less than a third of global businesses have an IT risk management program in place capable of addressing the risks related to the use of new technologies, it stated.
In spite of the rapid emergence of new technology, just one in ten companies consider examining new and emerging IT trends a very important activity for the information security function to perform, the study said.
On data security and integrity concerns, Wasim Khan Mena IT Services and Telecom Leader, E&Y said: 'The region is seeing one of the fastest uptakes of smart mobile devices in the world and the demand for access to corporate and sensitive data from remote locations has grown in tandem.'
'Over the next few years, we expect companies to come alive to the security risks posed by mobile and online leakages and upgrade their security infrastructure,' he added.
Wasfi Masri, executive manager, IT Advisory Ernst & Young Jordan, said, 'In the Mena region, the Government and Public Services sector has been at the forefront of the adoption of Internet-based customer reach. This has brought on risks to which they were previously unexposed to.'
'The correct focus on protection against these new risks is critical to the success of these initiatives,' he added.
The study showed that over half of respondents state that increased workforce mobility poses a considerable challenge to the effective delivery of information security initiatives.
This is due to the widespread use of mobile computing devices which allows individuals to access and distribute business information from anywhere at any time. For almost two-thirds (64 per cent) of those surveyed, employees’ level of security awareness is recognized as a considerable challenge.
Half of respondents plan to spend more over the next year on data leakage and data loss prevention – a seven percentage point increase from last year. To address potential new risks, 39 per cent are making policy adjustments, 29 per cent are implementing encryption techniques and 28 per cent are implementing stronger identity and access management controls.
“Increased mobility and limited control over end-user devices can also cause problems. This is especially true when trying to implement effective and efficient business continuity and disaster recovery capabilities,” Wasim added.
The study also showed that cloud computing services are gaining greater adoption: 23 per cent of respondents are currently using cloud computing services and a further 15 per cent are planning to use it within the next 12 months.
When asked if an external certification of cloud service providers would increase trust, 85 per cent of respondents said yes, with 43 per cent stating that the certification should be based upon an agreed standard and 22 per cent requiring accreditation for the certifying body.
Organizations will be pressed for both time and resources to mitigate the risks involved but will have no choice but to address them, the study concluded.