Woe for the CIO Part 2 – keeping data secure

Published on 10th January 2013 by Penny Jones

Last blog I looked at CIO concerns over EU regulation. This time I am focussing on security concerns in Europe.

I will go further than corporate data breaches, however, and look at the results of surveys that investigate how CIOs are dealing with the security of the Cloud. Both areas seemed to be of interest to vendors releasing surveys at the end of 2012.

First I will start with data breaches in general.

In December, Quest Software (now Dell Software after the tech giant completed its acquisition in September last year) highlighted the scattered way in which data is now handled across enterprises in Europe.

It commissioned Vanson Bourne to survey CIOs in the UK, France and Germany to pinpoint the areas in which current security policies fail. It found personnel (42%), customer (33%) and human resources (31%) information was the most likely content to be shared on social networks and third-party websites – essentially exposing this data to realms outside of the business.

The good news is that internal legal teams seem to be pushing for better data security measures. It said 62% of CIOs interviewed have felt pressured into moving towards better security practices in the last year – CEOs and regulators are also pushing for better control.

It is not surprising, really. In recent times corporate attacks and misuse of data appears to be on the rise.

Quest Software information security expert for EMEA Phil Allen said European CIOs failure to protect data can result in huge fines, costing up to £2.2m in lost revenue and loss of corporate reputation.

I would say the Cloud is about to make the environment even riskier.

Just recently a number of US banks were hit by a Distributed Denial of Service attack that originated in the Cloud. Instead of placing botnets in PCs hackers, hoping to affect service delivery, targeted servers supplying cloud services instead.

Servers can act as a den for botnets. And they have much more power and can make such an attack much more severe than a network of PCs. Hackers reportedly hijacked large scale clouds remotely – the affect was the loss of a number of US banking sites.

Cloud beware
So it is no surprise that research undertaken by London-based colo provider City lifeline found that 87% of businesses interviewed thought the public cloud was not safe enough. It said 63% preferred to run with a private cloud.

And while 84% of CIOs interviewed by Robert Half Technology, an IT recruitment consultancy (which interviewed 250 IT directors), said they were very concerned about the risks associated with IT security breaches, less than half – 45% - actually test cloud vendor’s security system and procedures before making use of the service.

 It found 61% of its sample – from the private and public sector – were using cloud-based services but only one in ten of the CIOs interviewed said they were not taking any proactive action to address cybersecurity concerns.

Robert Half spokesperson Ryan Rubin said the statistics indicate that there is an inherent trust in cloud service providers – “that they have good security governance in place or there is a lack of visibility of potential risks associated with using them”.

But he said in some cases, the risk is likely to live in the fact that in many cases, the CIO is not behind the decision making process or even adoption of a new cloud service.

“An increasingly high percentage of IT security breaches involve third parties,” Rubin said.

“Whilst companies may migrate IT towards cloud providers in an attempt to reduce costs, they cannot outsource their information security risks.”

CONNECT WITH US

Sign in


Forgotten Password?

Create MyDCD account

Regions

region LATAM y España North America Europe Em Português Middle East Africa Asia Pacific

Blogger

 

Penny Jones is the Global Editor for FOCUS online and FOCUS magazine