Cyber security has reached the board room
Posted: 05 Oct 2014, 12:16
 | The enterprise world has developed an IT infrastructure that not always has been a top down decision. In many cases the big tech company (Microsoft) has been pushing from the bottom: All employees have Windows at home and do want the well known system at work too. Students get low prices etc. In some cases this has developed to workflows that simply "did happen" rather than as a result of leadership. The tech guys had all the power and in the board room they had more important business to take care of. |
This is changing these days. The attention the insecurities get and the examples of abuse of IT we have seen lately; has brought IT security into the board rooms.
(EMA: The Evolution of Data-Driven Security )
The report also indicated the presence of serious boardroom pressure to keep the enterprise secure—that figure has jumped almost one-third in the last 12 months, making security paramount and a primary consideration over other business initiatives.
And they are putting funds into it:
When asked if they had been provided with sufficient human and financial resources for IT security in the last 12 months, four out of five ITDMs said yes.
So the money is there and so is the awareness.
This has led to the cancellation of many planned projects simply because the focus has changed from "what can be done with this technology" to "How can we achieve this in a secure way".
The majority of ITDMs have been provoked into action by rising data privacy concerns (90 percent) and securing big data initiatives (89 percent); in the majority of cases this means new IT security investment.
The most popular strategies are mobile-related applications and clouds, where many serious security issues can be found. This has had a cooling effect.
The survey also unveiled that a total of 53 percent of all ITDMs surveyed have slowed down or canceled a new application, service or other initiative because of cyber-security fears.
The sensible fears need to be analyzed and many will say (based on real life study cases) that they cannot be all eliminated so the Enterprises will have to decide if they are willing to take the risk or simply keep dropping it until it is 100% secure.
Until the risks are 100% clear; there will be no other option than to wait, for most serious enterprises.
The high-profile issues surrounding data privacy are provoking action, with 90 percent of ITDMs planning to change their outlook on IT security strategy in response. Of these, 56 percent are inclined to invest more money and resources to address the challenge, with 44 percent preferring instead to rethink existing strategy.
This will require more from the tech companies too.
The current marketing of how truly trustworthy they are and how seriously they take it, is not enough; they need to document that their solutions are safe beyond any sane doubt.
Global players will also have a problem with documenting that they are not influenced by one particular country to give it some advantages over the other countries.
The problem lies in the fact that they have no control over that, when they come up with a solution where the clouds are always within some countries borders, then the US courts have decided that those data are under US jurisdiction and must be delivered to the US authorities if the court so orders.
That is a security concern in other countries and against EU -Law.
More here
