The Register® — Biting the hand that feeds IT

Feeds

Security that Fits

Workshop

What's impacting IT security today?

Assessing the changing direction of security

By Jon Collins, 29th April 2010
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Mini Poll Okay, we've banged on often enough about how security shouldn't be about products - it should be about making sure our data is adequately protected and all such good ideas. But the question is just how practical is this? We know a whole load of change is coming to IT today, some internal and some external. We also know that the bad guys are getting badder, smarter and better-equipped to breach the increasingly fragmented protection mechanisms we have in place.

But where should we be focusing our efforts, and how can we be sure to get the right level of buy-in within our organisations to make a difference and protect our IT crown jewels? If you have a few minutes to fill in our poll and let us know how you believe the land lies, we'll feed back the results to you sharpish.

READER POLL: WHAT'S IMPACTING IT SECURITY TODAY?

To begin with, by way of providing some background and context, we'd be interested to know what general trends are having an impact on your organisation. We'll then ask which ones have a specific security impact, before drilling into what you're doing about it.

1. How much are the following currently impacting your organisation at the moment, or have had an impact over the last 3 years?

  Major Impact       No Impact  
  5 4 3 2 1 N/A
Regulatory changes
Increased volumes of information being stored
Use of mobile technology (eg laptops, handhelds, USB sticks etc)
Remote access from the field
Wireless access within the workplace
Flexible working practices (eg home working, hot desking etc)
Use of social networking sites such as Facebook, Twitter etc
Use of other public services such as instant messaging, web conferencing, etc
Use of corporate instant messaging, web conferencing, etc (supported by IT)
Employees using their own personal devices for work
Introduction of online services (eg e-commerce and/or customer services)
Customer/partner/supplier system integration or access via extranet portal
Expectations of customers, suppliers, etc with regard to privacy and/or security
Use of hosted services using dedicated resources from outside the organisation
Use of hosted services using shared/co-located/multi-tenant resources from outside the organisation
Virtualisation of IT infrastructure
Other (please specify)

2. Considering this same list, how much impact has each item had on the way you deal with security today or the way you anticipate dealing with it in the future?

  Major Impact       No Impact   Anticipate significant
future impact
  5 4 3 2 1 N/A
Regulatory changes
Increased volumes of information being stored
Use of mobile technology (eg laptops, handhelds, USB sticks etc)
Remote access from the field
Wireless access within the workplace
Flexible working practices (eg home working, hot desking etc)
Use of social networking sites such as Facebook, Twitter etc
Use of other public services such as instant messaging, web conferencing, etc
Use of corporate instant messaging, web conferencing, etc (supported by IT)
Employees using their own personal devices for work
Introduction of online services (eg e-commerce and/or customer services)
Customer/partner/supplier system integration or access via extranet portal
Expectations of customers, suppliers, etc with regard to privacy and/or security
Use of hosted services using dedicated resources from outside the organisation
Use of hosted services using shared/co-located/multi-tenant resources from outside the organisation
Virtualisation of IT infrastructure
Other (please specify)

3. Bearing in mind the above, how would you characterise the level of involvement of the following in defining needs and making decisions with regard to security measures?

  High and remaining so High but decreasing Historically limited but increasing Historically limited and remaining low N/A
Board-level execs
Finance management
Risk management
Senior security director/chief security manager or equivalent
IT security specialists
IT management
Operational management
External advisors (eg consultants)
Customers/partners/suppliers
Individual users
Other (please specify)

4. Given all of this, in an ideal world, where do you think the emphasis with respect to security should be placed looking forward?

  High priority Secondary priority Low priority N/A – already sorted Unsure
Strengthening security policy
Increasing security training for employees
Taking a more joined up architectural approach to security
Increasing the tooling you have in place in specific areas
Allocating security responsibilities to a specific role
Getting the board more actively involved with respect to security
Increasing awareness and understanding of risk within the business
Improving the dialogue between IT and the business regarding security
Other (please specify)

5. Any other general comments on the current state of security in your organisation?

 

BEFORE YOU GO

6. Approximately how large is your organisation (worldwide) in terms of employees?

Less than 10 employees
10 to 50 employees
50 to 250 employees
250 to 1,000 employees
1,000 to 5,000 employees
5,000 to 10,000 employees
Over 10,000 employees

7. Which of the following best describes your organisation?

Energy & utilities
Financial services
Healthcare
Hi-tech
Manufacturing
Oil & gas
Pharmaceuticals
Central/local government
Retail & wholesale
Professional services
Telecommunications
Travel & transportation
Other (please specify)

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (1)
Latest Comments
jake

The two biggest problems in IT security today ...

... are the same as they have been for the over a third of a century I've been making money in the IT world, and probably go back to the dawn of time.

The first is convincing management to throw enough money (resources) at the problem to have the correct hardware for the situation ... AND the staff to run it properly.

The second is the big problem ... 90% of the userbase is incapable of wrapping their tiny collective hive mind around the concept of security.

0
1

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19