The age of performing business tasks on traditional premise-based systems is on its way out as more companies adopt the cloud and deploy mobile strategies. The introduction of these new computing environments is helping businesses expand their workforce, improve efficiency and cut costs by eliminating the need to maintain older on-site equipment. However, next-generation virtual environments are also inviting new risk and security concerns.
Mobile computing environments are now recognized by 35 percent of IT security professionals as the biggest risk to organizations, as improper use of gadgets or poorly protected devices can jeopardize data protection, according to a survey by FishNet Security. The study also noted that 30 percent of respondents believe unprotected mobile devices will account for the majority of all data breaches reported in 2012.
"It's clear that mobile computing tops the list of this year's leading security concerns with the clients we surveyed," FishNet Security chief executive officer Gary Fish said. "Our company is seeing this as a major issue because of the number of BYOD (bring your own device) instances and the vulnerabilities that can threaten mobile computing, such as unsecured Wi-Fi access, lost or stolen devices and malware attacks on mobile operating systems."
The emergence of cloud computing is also causing IT security professionals to worry about how well their virtual environments are protected. According to the study, 18 percent of respondents believe hosted cloud environments pose the biggest risk to data security, making it the third-highest IT concern, behind mobile and social networks.
However, 28 percent of IT professionals believe that since the cloud is rapidly growing in popularity, its risk will grow in time. As a result, cloud computing environments will likely slide into the No. 2 position, being trumped only by mobile security concerns.
"Because of its growing popularity, we're seeing more concern about cloud-specific security issues in our survey," said Aaron Shilts, the executive vice president of services at FishNet Security. "The geographic distribution of cloud-based data can make it incredibly challenging to maintain standard security controls. Cloud computing is also forcing organizations to take a closer look at their identity and access management posture."
Additionally, many IT professionals fear cybercriminals, as these unwelcome outsiders were seen as a security priority for 25 percent of survey respondents. Since mobile and cloud-based environments are still relatively new, highly skilled hackers may be able to exploit vulnerabilities and corrupt or expose confidential information. As a result, many organizations are raising data loss prevention awareness and beefing up security protocol by implementing next-generation firewalls or training programs.
According to a study by Frost & Sullivan, the introduction of cloud and mobile environments has created a severe skills gap when it comes to implementing data privacy, protection and security tools. More than 70 percent of security professionals said they needed additional skills to keep next-generation computing environments safe and out of reach from malicious outsiders.
By implementing education and training programs, organizations can raise awareness of the potential vulnerabilities these technologies pose and how IT departments and employees can follow best practices to mitigate risk.
The FishNet Security survey found that roughly 34 percent of survey respondents said security training and education programs will be one of their primary IT investments in 2012, followed by hiring consulting services and managed security experts.
"Hackers usually go for the 'low-hanging fruit' when they go on the attack," Fish said. "If they encounter an organization with strong security controls on the outside perimeter, then they generally move on to another target."
Data Security News from SimplySecurity.com by Trend Micro