IT security is often a game of catch-up — as companies adopt new technologies, IT departments are forced to come up with ways to secure them. That’s especially the case these days, as cloud computing and the consumerization of IT have given the IT department less control over the company’s tech decisions.
Now, companies and their users are adopting technologies and implementing software and services without input from the IT staff, who then must scramble to prevent and respond to security incidents.
That’s why, now more than ever, companies are struggling to keep up with new IT security threats, according to Ernst & Young’s 2012 Global Information Security Survey.
The survey of 1,850 IT pros found that many organizations are adopting new technologies, even though they’ve yet to take steps to make sure they’re being used securely. Because of that, these are the biggest IT security challenges businesses are likely to face at the end of this year and through 2013:
1. Cloud computing
The number of companies investing in cloud computing services is increasing rapidly, and 59% of the companies in Ernst & Young’s survey are using cloud computing or planning to. That’s up from 44% last year and 30% in 2010.
While those moves to the Cloud are helping businesses save money, increase flexibility and achieve other benefits, a downside of that fast growth is that most companies’ IT security policies and procedures haven’t adapted to that trend. In fact, 38% still haven’t taken any steps at all to mitigate the risks of cloud computing.
But with the Cloud becoming more popular, all organizations should consider those new threats and take some steps, such as developing procedures for vetting cloud computing service providers, creating policies on cloud provisioning and the use of cloud accounts, and coming up with a plan to encrypt sensitive data in the Cloud.
2. Mobile devices
The use of mobile devices at work is increasing, too, especially when it comes to tablets. Right now, 44% of companies allow the use of a personal or work-issued tablet, way up from 20% in 2011. And the majority of workers are now using personal smartphones at work, according to some recent surveys.
However, companies still haven’t taken all the steps necessary to protect themselves against the IT security threats caused by those devices. For example:
- Just over half (52%) have adjusted their policies to account for personal devices
- Only 40% have offered user awareness training on the new IT security threats
- Just 40% are encrypting sensitive data on mobile devices
- Only 36% are using mobile device management software, and
- Only 31% have a process to manage the use of mobile apps.
3. Social networking
Though social networking has been around for several years, it recently went from being a threat to employee productivity to becoming essential for most businesses. However, 38% of survey respondents said their organization has no coordinated approach to managing social media risks, and just 19% have an approach that’s led by IT security staff.
At this point, though, nearly all organizations should probably have some kind of social media policy that covers what employees should avoid when they use social networking at work or on behalf of the company.