Chief Security Officers are looking to crack the code on mobile and cloud security

Today’s Chief Information Security Officers (CISOs) are asking themselves, “How can we benefit from mobile and cloud technology – securely?” Risk and Security Officers are often placed in the role of public defender for corporations.  They are charged with proactively protecting the enterprise from a variety of cyber threats while the business continues to evolve.This broad responsibility becomes even more challenging when companies adopt new technology without a security strategy.

IBM’s 2013 CISO Assessment interviews security leaders to get there perspective and priorities.  Businesses around the globe are embracing mobile and cloud technology at a rapid pace and yet 76% of respondents say that the loss of an employee owned mobile device with access to their corporate network, could result in a significant security event.   Investment in new technology can be a tremendous asset to business growth and efficiency but the reality is that few companies are as prepared as they need to be.

IBM’s Security Services GM, Kris Lovejoy, further explores the challenges CISO’s face and the new threats introduced by technology in a recent Forbes article entitled BYOD? Mobile, Cloud? Security Leaders Tackle New IT Issues. This year we are seeing a growing number of cyber warfare events where access to high value targets such banks, corporations and government are key goals.Our reliance on technology has made us vulnerable and Cyber criminals are adjusting their techniques to capitalize on our attachment to mobile and cloud technology. 

In the IBM X-Force 2013 Mid-Year Trend and Risk Report, the latest vulnerabilities are revealed and the issue of exploiting our trust is explained. The research shows that many companies trust that they have the right security procedures and policies in place however when these measures are fully tested, the weaknesses become apparent and we continue to see a high level of breach activity. 

Every organization can benefit by taking a fresh look at the security controls they currently have in place.CISO’s are seeing the wisdom of asking the hard questions to help verify if the tools and policies they have in place are adequate to securing their mobile and cloud enterprises.Here are few questions you might want to ask:

  1. Is our current approach to security comprehensive enough to address the unique challenges of new technology  (Cloud, Mobile, Social)
  2. Does our organization have formal written information security policies for Mobile and Cloud? If so, are they up-to-date and have they been socialized?
  3. How secure are the applications we access?  How do we know this?