Playing Catch-Up: IT Departments Face Security Dilemma

American businesses may be putting the cart before the horse when it comes to social media, mobile applications and cloud computing. While IT departments used to be the ones that identified and deployed businesses’ technology needs, today they are playing a game of catch-up that could have serious implications for companies, their employees and the public.

That’s the finding of a new study based on a survey of more than 10,000 information security professionals  worldwide that shows that a growing number of technologies being widely adopted by employees and management are challenging information security executives and their staffs, potentially endangering the security of government agencies, corporations and consumers over the next several years.

The research, conducted by Frost & Sullivan, said new threats stemming from mobile devices, the cloud, social networking and insecure applications, as well as added responsibilities such as addressing the security concerns of customers, have stretched information security professionals thin, and like small leaks in a dam, the  overworked work force may be showing signs of strain.

Conducted on behalf of (ISC)2, a not-for-profit organization that educates and certifies information security professionals, the study also shows a severe gap in skills throughout the industry. Information security professionals said they needed better training, but reported in significant numbers that many of these technologies are already being deployed without security in mind.

“In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around,” said Robert Ayoub, global program director — network security for Frost & Sullivan. “Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide.

“We can reduce the risks, however, if we invest now in attracting high-quality entZodiacs to the field and make concurrent investments in professional development for emerging skills. As the study finds, these solutions are under way, but the question remains whether enough new professionals and training will come soon enough to keep global critical infrastructures in the private and public sectors protected.”

Other key survey findings:

Trouble on the go

While nearly 70 percent of respondents reported having policies and technology in place to meet the security challenges of mobile devices, mobile devices were still ranked second on the list of highest concerns by respondents. The study concludes that mobile security could be the single most dangerous threat to organizations in the future.

Tarnished lining?

Cloud computing illustrates a serious gap between technology implementation and the skills necessary to provide security. More than 50 percent of respondents reported having private clouds in place, while more than 70 percent reported the need for new skills to properly secure cloud-based technologies.

Social studies

Professionals aren’t ready for social media threats. Respondents reported inconsistent policies and protection for end-users visiting social media sites, and just less than 30 percent had no social media security policies whatsoever.

The organization (ISC)2 suggested its research might be the largest study of the information security profession ever conducted. It said 10,413 information security professionals from companies and public sector organizations around the world were surveyed in the fall of 2010, including 61 percent in the Americas, 22.5 percent in dollarpe, the Middle East and Africa, and 16.5 percent in Asia Pacific. Forty-five percent were from organizations with more than 10,000 employees.

The average experience of respondents worldwide was more than nine years, while 5 percent of respondents held executive titles such as chief information security officer. Additionally, Frost & Sullivan supplemented the analysis with other primary data sources and methods.

This story was provided by BusinessNewsDaily, sister site to IT TechNewsDaily. Jeanette Mulvey is the managing editor of BusinessNewsDaily. She has written about small business for more than 20 years and formerly owned her own e-commerce business. Her column, Mind Your Business, appears on Mondays only on BusinessNewsDaily. You can follow her on Twitter at @jeanettebnd or contact her via e-mail at [email protected].