IT security fails to keep pace with the rise of cloud computing

5 Nov 2012

In the past year, 85pc of organisations have seen an increase in cyberattacks and while the cloud continues to be one of the main drivers of business model innovation, security measures are not keeping pace.

According to the Ernst & Young Global Information Security Survey 2012 of 1,850 CIOs and CISOs in 64 countries, the number of organisations using cloud technology has doubled in the last two years.

However, 38pc of global and 37pc of Irish organisations have not taken any additional measures to mitigate the risks, such as stronger oversight on the contract management process for cloud providers or the use of encryption techniques.

The survey also suggests that cloud computing uptake in Ireland is different in character to elsewhere – one in five global organisations cited hybrid cloud (public and private) in current use, whereas no Irish respondents indicated this was the case.

The survey reveals that a third of Irish and global organisations experienced a higher number of security incidents in the last year. Only 10pc of Irish respondents report that their information security function fully meets the needs of their organisation compared to 16pc globally.

“Organisations are making gradual improvements to their information security capabilities,” Hugh Callaghan, Ernst & Young IT Risk and Assurance Services director explained.

“However, reliance on short-term solutions exposes organisation to a higher risk of widening gaps in their security controls, leading to breaches, as well as increased operational overhead.

“These improvements are often reactive, point solutions to address specific issues rather than part of a coherent, holistic approach. This is supported by the fact that 76pc of Irish respondents and 63pc of global respondents indicated there was no overall security architecture framework in place.”

Mobile threats and BYOD

The rise of BYOD and consumerisation of IT – driven by the revolution in mobile devices and networks – is a key contributor to the increase in vulnerabilities.

“Responses suggest that organisations recognise they need to do more on mobile technology. Advances have been made by Irish companies in adopting security techniques and software, with 76pc of Irish organisations having mobile encryption and mobile device management software in place.”

This is in sharp contrast to 40pc of global organisations using some form of encryption technique on mobile devices and only 36pc deploying management software.

With more risks and more technology to secure, global organisations are responding by increasing budgets and adjusting their priorities.

Plans to increase investment in new technologies

More than half of organisations reported plans to increase their budget by more than 5pc in the next 12 months both globally and in Ireland. In terms of where the budget is assigned, the top Irish investment priorities are securing new technologies (75pc), business continuity, and security governance and management (both at 43pc).

Notably, the proportion of global organisations planning to reduce security spend amounted to just 5pc compared to 24pc in Ireland.

With just 5pc of chief risk officers currently responsible for information security, many organisations lack the formal risk assessment mechanism provided by the risk function, resulting in 48pc of Irish organisations having no threat intelligence programme in place.

“The pace at which cyber threats evolve is accelerating and organisations’ reliance on technology and automation is increasing in response to cost and efficiency drivers,” O’Callaghan explained.

“Combined with ever more stringent regulatory requirements, organisations now need to run just to keep up with the current security threats and vulnerabilities. In practical terms, this means investment in capability – people, process and technology – and a systematic, risk-based approach to the issue through implementing a structured information security framework.

“Without this, organisations will simply prolong the race to keep up and will ultimately fall further behind,” O’Callaghan warned.

Join Ireland’s digital leaders who will gather to discuss cloud computing and the big data revolution at the Cloud Capital Forum on Friday, 23 November, at the Convention Centre Dublin

Cloud security image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years