About
Subscribe

What's keeping CIOs up at night?

Tarryn Giebelmann
By Tarryn Giebelmann, Sub-Editor
Johannesburg, 23 May 2012

What's keeping CIOs up at night?

is keeping IT professionals up at night, according to the latest findings of InformationWeek's 2012 Strategic Security Survey, Computing reports.

More than half of the 900-plus IT and security professional respondents say it's their greatest network security challenge.

And they're right to be worried. Overall, the state of organisations' security programmes is "adequate for , but not good enough to prevent even basic attacks',' says Michael A. Davis, CEO of Savid Technologies, a Chicago-based technology and security consulting firm, who authored the report on the survey findings. The problem, from Davis' standpoint, is that most programmes are broad and cover all the various compliance requirements, from cloud security, business continuity and disaster recovery, to mobile devices and everything in between.

"Sadly, though, most programmes don't include good metrics programmes to gauge their effectiveness and most focus on meeting the minimum requirements, rather than taking a best practices-based approach that is customised to the environment at hand.”

According to CenterBeam, with a large amount of tablets, smartphones, laptops and other devices with WiFi capabilities coming into the workplace, businesses need mobile device management tools to help keep direction. The survey said 24% of companies still use problematic software to help keep up with mobile security. These companies need a solution that fits better and helps them stay more secure.

"The survey found that while 40% of organisations limit the range of devices supported and require that users connect to a mobile device management system, 42% allow employees to bring in any device and permit it to access the network as long as the user agrees to certain policies, which usually means trusting users to 'do the right thing'," according to Network Computing. "Meanwhile, 10% allow user-owned devices with no restrictions whatsoever."

Market Watch reports that fully half of the 946 respondents cited identity and password management as the most valuable security practice, a significant finding because access control is the most important security process in every organisation, yet very few security teams spend enough time on it.

Other findings, writes Virtual Strategy, were that 25% say smartphones and tablets represent a significant threat to security, with loss or theft their greatest concern when it comes to mobile devices; 29% conduct their own risk assessments of cloud providers, up from 18% in 2011; and just 33% invest in a secure software development life cycle; of those using SDLC, 33% find it very effective.

Share