The rise of cloud services, mobility and social media is creating a new security paradigm and companies are having difficulty keeping up.
In its 2011 Global Information Security Survey, Ernst & Young found that cloud, mobile and social are three key trends affecting information security and businesses are struggling to maintain tight control as these new models take hold within their organizations. The survey probed 1,700 IT and security executives across various industries in more than 50 countries.
During a webinar discussing the survey's findings, Ernst & Young said 61 percent of respondents are currently using or evaluating cloud services within the next year. Ernst & Young Information Security Leader Jose Granado said the increase in cloud usage is prompting new questions around security, as companies question where their data is stored, who has access to it and whether it's commingling with other data.
"We're not saying that 61 percent are rushing to the public cloud," he said, noting that cloud services will be a mix of public, private and hybrid environments moving forward.
The survey also found that 52 percent of organizations said they have not implemented controls to mitigate new risks related to the use of the cloud, and 90 percent said they believe that external certifications would increase their trust in cloud computing.
Granado said that it appears the industry rushed into the cloud and didn't pay close enough attention to some of the risks involved, which are coming to light more as the cloud matures.
"I don't think we've thought through as a discipline what all of the risks are," he said.
Some of the new risks and challenges cloud computing presents include new compliance and privacy concerns; information security and data integrity; governance, risk management and assurance; and regulatory impacts.
Ernst & Young recommends companies trust, but verify cloud services through their vendors, partners and providers; and plan for continuity while selecting providers that are transparent about backup and failover. It's also recommended that companies use standard security processes and techniques that have worked in the past and align them to cloud, such as access control and other data protection techniques. And it is increasingly important to align business and information security strategies, the research indicates.