Acceptance of “Bring Your Own Device”

Businesses welcome BYOD for the operational cost savings and user experience

London, 16 January 2013 – Company policies supporting Bring Your Own Device are being widely embraced as a win-win initiative that improves employees’ experience and reduces IT costs, according to results released today of the (ISC)2® 2013 Global Information Security Workforce Study, conducted on behalf of the (ISC)2 Foundation by the analyst firm Frost & Sullivan. At the same time, information security managers admit that companies must do more to understand the security of the technologies behind the trend, particularly for cloud-based systems and applications.

A preview of select results of the (ISC)2 (“ISC-squared”) study were featured at a press conference hosted by Reed Events in advance of Information Security Europe 2013, April 23 -25. The largest study of its kind examining workforce trends in information security covered BYOD as one of three game-changing technology trends that are having a significant impact on information security practice. The global study’s 12,396 respondents, one in four of which work in the EMEA region, clearly establish that BYOD is a prevalent practice – with 53 percent saying their companies actively allow users, either employees, business partners or both, to connect their devices onto their networks. A similar percentage, 54 percent, identified BYOD as a growth area for training and education within the information security profession.

Security professionals, however, are concerned that companies are not prepared for the risks introduced by this trend. Seventy-eight percent consider BYOD to present a somewhat or very significant risk. This reflects increased levels of concern compared to the 2011 study, when mobile devices were identified as a significant risk by 68 percent of respondents.

Further, nearly three-quarters of respondents (74 percent) highlighted that new security skills are going to be required to manage the security risks associated with BYOD. The biggest concerns were over the state of application security (72 percent) and the cloud (70 percent), also a developing area in business systems. Another 66 percent suggested companies needed to get more of a grip on how compliance requirements are being affected with the prevalence of BYOD.

Companies are more open to allowing user-owned smartphones (87 percent) and tablets (79 percent) onto corporate networks than laptops (72 percent), while they are supporting a multitude of platforms, with iOS leading the pack (84 percent), closely followed by Android (75 percent); RIM Blackberry/QNS (62 percent), and Windows Mobile (51 percent).

“Whether approved or not, user-owned tablets and smartphones are connecting into corporate networks and cloud environments,” states Michael Suby, Stratecast VP of Research at Frost & Sullivan. “Furthermore, the escalating capabilities of these devices, such as dual-core processors and multi-gigabytes of storage, add to the level of risk these devices pose to corporate assets and sensitive information. The positive news is that information security professionals are using a growing array of security technologies to stem this risk.”

The business drivers given for turning to BYOD puts the user at the centre of IT strategy. The desire to improve end-user experience at 60 percent was almost equal to the business requirement of supporting a mobile workforce (64 percent). A significant number of respondents (44 percent) also noted the goal of reducing operating and end-user support costs; while the desire to lower IT inventory costs was noted by a much lower 21 percent.

“From a security perspective, BYOD is gaining attention, but current efforts are focussed on the end -point rather than on protecting business data and assets,” says Wim Remes, CISSP, member of the (ISC)2 Board of Directors.

The top technologies identified to mitigate risks include: encryption, the use of virtual private networks, and remote lock and wipe functionality. Less than half (42 percent) are working with applications access control or authentication (40 percent), basic controls that exist on traditional IT infrastructures.

“This can be an opportunity for IT operations to fully seize the role of a business enabler. If approached correctly, with a focus on the data, BYOD can actually improve security and enable the business to compete at a pace that was but a remote dream half a decade ago,” concludes Remes, who presented the results at the conference.

The (ISC)2 Foundation will release the full report of the 2013 (ISC)2 Global Information Security Workforce Study in February as a resource to industry. Based on findings of an industry survey conducted in the autumn of 2012, the study is unique in its focus on issues affecting the security profession rather than general market developments, products or security breaches. Participants from 145 countries around the world contributed to offer insights into the changing profile of the profession, training and development needs, salary levels, attitudes and developments toward risk management, and the impact of key trends in business systems on security management.

About the (ISC)2® Foundation
The (ISC)2 Foundation is a non-profit charitable trust that aims to make the cyber world safer for everyone by supporting cyber security education and awareness in the community through its programmes and the efforts of its members. Through the (ISC)2 Foundation, (ISC)2‘s global information security expert membership of over 87,000 seek to ensure that children everywhere have a positive, productive, and safe experience online, to spur the development of the next generation of cyber security professionals, and to illuminate major issues facing the industry now and in the future. For more information, please visit www.isc2cares.org.

About (ISC)2®
(ISC)² is the largest not-for-profit membership body of certified information security professionals worldwide, with over 87,000 members in more than 135 countries. Globally recognised as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSPÒ) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLPÒ), Certified Authorisation Professional (CAPÒ), and Systems Security Certified Practitioner (SSCPÒ) credentials to qualifying candidates. (ISC)²’s certifications are among the first information technology credentials to meet the requirements of ISO/IEC Standard 17024. (ISC)² offers education programmes and services based on its CBK®, a compendium of information security topics. Visit www.isc2.org.

# # #

© 2013, (ISC)² Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks of (ISC)², Inc.

Follow (ISC)² on Facebook, Twitter and YouTube.

Media Contact:
Nikki Alvey
+44 7973 354 706
nikki.alvey@mediahoundpr.co.uk

read more

Cloud computing features heavily in 2013 CIO tech priorities

The importance of cloud computing in the overall tech sphere has again been emphasised in a Gartner report surveying over 2,000 CIOs on their technology priorities for 2013.

Cloudy areas featured heavily in the top 10 priorities for CIOs, with cloud computing itself – alongside software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS) ranked at number three.

Elsewhere, legacy modernisation – a big element of companies moving into cloud-hosted solutions – was ranked at five, with customer resource management (seven), virtualisation (eight) and enterprise resource planning (ERP) apps (10) also make the top 10.

Yet the two priorities ahead of cloud computing in the pecking order, analytics and BI (business intelligence) and mobile technologies, make for interesting reading as of course the areas are all inextricably linked.

Back in 2011, Louis Columbus wrote of how analytics and BI was accelerating cloud adoption, citing the …

ExchangeDefender to Exhibit at Cloud Expo New York

SYS-CON Events announced today that ExchangeDefender, an Internet-based message hygiene and business continuity network, will exhibit at SYS-CON’s 12th International Cloud Expo, which will take place on June 10–13, 2013, at the Javits Center in New York City, New York.
ExchangeDefender is an Internet-based message hygiene and business continuity network that can secure and save your business by providing enterprise-grade AntiSPAM, Virus Filtering, Web File Sharing, Web Filtering, Encryption, LiveArchive, and so much more.

read more

Salesforce.com and Three Other Companies Getting Viewpoint Right

The godfather of Viewpoint in the new era of cloud computing is clearly Salesforce.com. As I have written here, SalesForce.com’s “The End of Software” created a unique and compelling Viewpoint that aligned with the aspiration and frustrations of their target customers who needed faster and easier visibility into sales pipeline and performance. As they and the market have matured, they have adeptly shifted to “The Social Enterprise”, seeking to capitalize on the technology, environmental and business shift to social computing. So far, this seems to be a big win again for Benioff and team as even conservative Gartner Group now calls this category “Social CRM” .

read more

Redefining Cloud Computing: Cloud Calling and Smartphones

With more smartphones being utilized everywhere, should we be redefining cloud computing? If not redefining it, at least recalibrating it to encompass and fit new edge technology that is becoming the device of choice.
Many organizations that are looking at implementing cloud computing should also be looking at BYOD (Bring Your Own Device) concepts that focus on smartphones and tablets.
Why? More people are using smartphones and tablets than PCs today. They don’t want to be burdened with “computing,” that sounds too technical. All they want to do is make a call and get things done.

read more

Is Your Cloud Truly ‘Cloud Nine’ or Just a Lot of Hot Air?

Massive data growth. An aging and inefficient data center infrastructure. A proliferation of new software and a host of costly legacy applications. These are the challenges that business and IT organizations face every day – and cloud computing is often touted as the “magic bullet” that can help businesses cuts costs, generate revenue and create new value. But if cloud is the path to business utopia, what’s stopping more organizations from making the move?
At Dell, we see the tremendous potential of the cloud – but we also know that it doesn’t mean anything if you can’t get there easily and with the least disruption to your organization. We start from one simple question: What is the business problem you’re trying to solve? From there, we help you create simple path to cloud that’s based on your strategy and goals – and that leverages your existing technology investments.

read more

Data Security Concerns With Cloud Technology

Cloud computing in the 21st century promises to be what electricity was in the 20th century; cheap, plentiful and always available to compute resources to fulfill your every need. With any new technological advance however, there are always risks which could be exploited by those with malicious intent.

If you’re fortunate enough to have the resources within your organization to build and operate your internal private cloud, most of these risks would have been mitigated already as you still retain an element of control. Many other businesses are not in this position however, especially those in the small and medium sized sector, who are shredding documents to move to the cloud.

All of the security concerns we’ll be discussing below are not deal-breakers as such; the benefits of the cloud far outweigh any data security risks entailed in the transition to utility computing. As a decision maker, however, it is important to think about these issues before securely shredding everything and embarking on cloud migration, and finding out from prospective cloud providers how they will safeguard your data operations should be a key deciding factor on choosing your public cloud provider.

Data storage
Data should be securely encrypted when on your cloud provider’s servers, and also when in use and being processed by the cloud service. Forrester, a leading technology market research company, warns that few providers are currently able to guarantee data security and protection whilst it is being used within the application, and also what they do with the data after processing is complete.

Data transfer
Communications over the internet must be secured in any cloud transaction. On a browser, look for the “https” URL header when you connect to your cloud provider. In addition, always ensure traffic is authenticated and encrypted using industry standard protocols, developed specifically to secure internetworking, such as the Internet Security Protocol (IPSec).

Secure APIs
Also be aware of the software interfaces or application programming interfaces (APIs) that are employed in cloud services. The Cloud Security Alliance (CSA), an industry trade group, recommends learning about how your cloud provider integrates security throughout its offering, spanning activities such as monitoring and alerting services, data authentication and access control techniques.

Access control and data separation
You no longer have any personnel controls over people that have access to your data stored on the cloud provider’s servers. Make sure you consider the sensitivity of such data first to make sure that it is appropriate for release into the cloud. Gartner, a leading technology research and advisory company, also suggests asking for profiles of people who manage your data and the level of access they have.

Dear Mr CIO, How Is 2013 Strategy Going So Far?

Dear Mr CIO, how is the year ahead planning program going so far? I know, sorry, it’s a tough one. The deployment and integration of devices, mobile connectivity points, virtual cloud-based desktop services, security, Big Data, tablets, mini-tablets and micro-mini-tablets (don’t worry, we made that last one up) all present a multiplicity of challenges.
The hyper-efficient CIO should look back on 2012 first and take stock of recent developments as the most prudent means of planning for 2013. Commonly agreed wisdom suggests that migration plans from XP to Windows 7 have now been put in place and (by and large) also been put into motion in most reasonably sized firms.

read more

Skytap Offers Ready-to-Go Cloudera Hadoop

Skytap, the cloud platform that offers virtual lab automation as a service, now has pre-configured Cloudera Hadoop (CDH4) templates in its library that can be used to spin up and manage physical or virtual clusters of up to 50 Hadoop nodes.
With complexity removed, the company claims a 10-node system should take no more than 10 minutes to deploy. In Cloudera system one node is always dedicated to Cloudera Manager.
The templates eliminate the time required to manually download, install, configure and network all of the required software and hardware components together.

read more

The cloud news categorized.