Research from (ISC)2 finds while most organizations are embracing mobile technologies, social media and cloud computing, their security staff are not upgrading skills and policies to ensure adequate protection
Rapid adoption of mobile technology, social media and cloud computing in the workplace is creating a security problem for IT departments worldwide as they struggle to keep pace with demands, according to a survey released this week by security certification firm (ISC)2.
The 2011 (ISC)² Global Information Security Workforce Study (GISWS), which was conducted by industry analysts Frost & Sullivan for (ISC)2, finds an increasing pressure to provide even more services to organizations to protect not just the organization's systems and data, but also its reputation, its end-users, and its customers. But the professionals charged with doing this are not prepared, according to the study's authors, who note the results reveal a clear gap in skills needed to protect organizations in the near future.
"The information security profession could be on a dangerous course, where information security professionals are engulfed in their current job duties and responsibilities, leaving them ill-prepared for the major changes ahead, and potentially endangering the organizations they secure," a summary of the findings states.
The survey polled more than 10,000 information security professionals worldwide and found more than half, 51 percent, of all organizations allow end users to access Facebook at work. Even more, 63 percent, were allowed to access LinkedIn.
"Unfortunately, many information security professionals still appear to believe that social media is a personal platform and are doing little to manage the threats associated with it," the study's author writes. "Frost & Sullivan was disappointed to see that 28 percent of information security professionals worldwide reported having no organizational restrictions on the use of social media. EMEA was even higher, with 31 percent of respondents reporting they had no restrictions on the use of social media."
Among those polled, most said application vulnerabilities represent the number one threat to organizations. More than 20 percent of information security professionals reported involvement in software development. Mobile devices were the second highest security concern for the organization. But approximately one-third of respondents did not have a formal policy in place for unmanaged mobile devices. However, most did use a variety of technological tools to protect mobile devices, including encryption, network access control and mobile virtual private networks.
The adoption of cloud computing is also posing a threat, the survey finds. Among respondents, 73 percent said that cloud computing requires new skills for security professionals. When asked what new skills would be required for cloud computing, half of the participants identified contract negotiation skills as one of their top three requirements. This selection trailed the desire to develop a detailed understanding of cloud computing chosen by 93 percent, as well as the desire for enhanced technical knowledge chosen by 81 percent of participants.
"A clear skills gap exists that jeopardizes professionals' ability to protect organizations in the near future," the survey summary states. "This is not to say the industry is doomed. If the projected growth in number of information security professionals and concurrent increases in training continue, these risks can be reduced."