New research reveals growing security risksTwo new research studies, which concern the security implications of emerging technologies such as cloud computing, virtualisation, social networking and mobile communications, were released yesterday, Wednesday, 17 June by RSA, the Security Division of EMC. The first research study, conducted by IDG Research Services, reveals a significant gap between the speed at which organisations are adopting new connectivity, collaboration and communication technologies and their readiness to deploy them securely. The second study, from RSA's Security for Business Innovation Council, outlines how companies can capitalise on the significant business advantages these new technologies represent without putting their organisations at risk. Rob Watson, country manager of RSA, the security division of EMC South Africa, said: "Information is an organisation's single most valuable asset. It's not enough to look at the external threats; companies also need to be able to control their critical information to ensure the right person gets the right access to the right information at the right time. This can help business enablement, but also presents a significant security risk if the right controls are not in place. We therefore advise companies to look not only at external attacks on their environment, but also at the internal procedures they have in place to allow them to efficiently do business while protecting their most valuable asset." Dissolving boundariesKarel Rode, principal consultant of RSA, agreed: "Businesses are becoming 'hyper-extended enterprises', exchanging information with more constituencies in more ways and in more places than ever before. The rapid adoption of nascent web, social and mobile technologies combined with the rising use of outsourcing is quickly dissolving what remains of the traditional boundaries around our organisations and information assets. Security strategies must shift dramatically to ensure companies can achieve their goals to cut costs and meet revenue targets without creating dangerous new business vulnerabilities. "The complexities of strong authentication as a defence mechanism are often negated by creative tools, such as Trojans, that are engineered to attack very specific systems. Defending solutions need to address this, not just by looking at the client authentication mechanisms and processes to the system, but by using additional controls that monitor the transactions, predict risky behaviours and proactively engage the user for credentials. This creates a strategy of 'defence in depth', which enables reliance on multiple systems throughout the user's interaction with the Web or mobile channels to become a key contributor to reducing risk and fraud." IDG report shows many companies leaping without lookingCommissioned by RSA, the 2009 IDG Research Services survey of 100 top security executives at companies with revenues of US$1bn or more, showed that some companies are so enthusiastic about the potential of new web and mobile technologies they are deploying them without adequately securing critical processes and data. Key findings include: Hyper-extended enterprise requires new security approachIn RSA's fourth Security for Business Innovation Council report, top security leaders from around the globe explore how security strategies must transform in a world in which well-intentioned actions to drive new business value could open up disastrous risk exposures. The report offers specific recommendations for developing an updated information security model that reflects the emerging opportunities and dangers at hand. Council members outline why today's environment is particularly treacherous and share advice on how to securely tap the hyper-extended enterprise for business advantage. Specific guidance includes: For more information go to www.rsa.com and www.idgresearch.com. |