
Brian Pennington

A blog about Cyber Security & Compliance

Tag

Chief Information Officer

Cloud maturity study reveals the top 10 issues eroding cloud confidence

Website: www.isaca.org

The Cloud Security Alliance (CSA) and ISACA have issued the results of their survey of how organisations feel about the “cloud”.

The report provides detailed insight on the adoption of cloud services among all levels within today’s global enterprises and businesses. I have summarised the report below.

The study reveals that cloud users in 50 countries were least confident about the following issues (ranked from least confident to most confident):

  1. Government regulations keeping pace with the market (1.80)
  2. Exit strategies (1.88)
  3. International data privacy (1.90)
  4. Legal issues (2.15)
  5. Contract lock in (2.18)
  6. Data ownership and custodian responsibilities (2.18)
  7. Longevity of suppliers (2.20)
  8. Integration of cloud with internal systems (2.23)
  9. Credibility of suppliers (2.30)
  10. Testing and assurance (2.30)

While there are many positive indicators that support the planned adoption and perceived use and value of cloud services in the years ahead, there remains much progress to be made to engage business leaders and gain their buy-in.

“As a first step, we as an industry must still work to provide a clearer definition of what cloud is and how the many innovative and secure services can help positively impact today’s businesses,” said J.R. Santos, global research director at CSA. “But, we need to start at the top and engage senior management. Cloud needs can no longer be thought of as a technical issue to address, but rather a business asset to embrace.”

“One of the most interesting findings is that governance issues recur repeatedly on the list of the top 10 concerns. Cloud users recognize the value of this model, but are wrestling with such questions as data ownership, legal issues, contract lock-in, international data privacy and government regulations,” said Greg Grocholski, CISA, international president of ISACA. “As cloud services continue to evolve, it is critical that we work together as an industry to provide insights and recommendations on these issues so that service and solution providers can look to innovate and deliver what the cloud services market needs to advance and what enterprises need to succeed.”

Survey Overview

Results of the study provide much insight on the progression of cloud adoption. For example,

  • Business enablers (score 4.08) rather than financial considerations (score 3.5) are the primary factors in making cloud decisions, with the least important factor being the ability to reduce the environmental footprint of the organization (score 2.67)
  • The business enablement factors that most influence cloud computing decision making are related to the reliability and availability of services (mean score 4.59) and quality of service (score 4.29)

Respondents feel there is room for improvement when it comes to innovation in the cloud.

  • 24% of survey takers indicate that there are no or limited levels of innovation in the market
  • 43% of respondents believe there is a moderate level of innovation
  • 33% report that the level of innovation in terms of products, services and business use is significant

“Survey results show that CIOs and IT management understand cloud best and are most involved in driving cloud innovation in their organizations. This limits cloud maturity and innovation since cloud continues to be viewed as a technical solution and not as a business enabler,” said Yves Le Roux, a member of CSA and the ISACA Guidance and Practices Committee. “Cloud can provide business-building innovation, but to get to that point, there needs to be more buy-in and a better understanding among business leaders and C-level executives of the cloud’s value and risk.”

Nearly all respondents feel that cloud computing is far from reaching maturity, with only software as a service (SaaS) cautiously placed at the earliest state of growth level, with infrastructure and platform services still considered in the infancy stages.

Respondents remain moderately confident that cloud services are meeting service and strategy expectations and that problems are being addressed. Many rated cloud services as providing confidence in strategy and problem resolution (mean score 3.47), indicating cautious optimism that cloud will advance in maturity and problems limiting its adoption will be addressed.

 


Combating Cybercrime to Protect Organisations

PWC have released their annual Cybercrime report, “Cybercrime: protecting against the growing threat – Global Economic Crime Survey”, and as usual it makes very scary reading.

The report shows that crime is up and that organisations have been slow to react to the threats, threats that were highlighted in previous reports.

Organisations of all sizes need to improve their ability to protect their sensitive data, and the report focuses on several areas that need addressing, for example awareness of the threats among senior management and training for employees in how to spot crime and how to take the appropriate steps to react to an incident (Incident Response Planning…).

There needs to be adequate protection in the form of technology, procedures and policies for the proposed awareness and training to be effective and efficient.

The report is based upon 3,877 respondents from organisations in 78 countries. The scale of the survey has provided a global picture of economic crime.

The key findings of the report are shown in full, with the remainder of the post focusing on the statistics shown in the report.

Key Findings from the PWC “Cybercrime: protecting against the growing threat” report

Our sixth report paints a dramatic picture of UK organisations still struggling in the face of severe austerity cuts.

Economic crime has risen by 8 percentage points since our 2009 survey, with over half of respondents reporting at least one instance of economic crime in the last 12 months. Even more concerning for Senior executives was the fact that 24% of respondents reported more than ten incidents in the last 12 months.

Our findings suggest that the combination of rising economic crime in the UK, and widespread austerity cuts that limit the resources available to focus on economic crime, has made today’s business environment altogether more difficult and risky.

Cybercrime has become the third most common type of economic crime, whilst levels of ‘conventional’ economic crime have fallen (asset misappropriation has fallen by 8 percentage points since 2009, and accounting fraud by 5 percentage points in the same period). So we think organisations need to take a fresh look at how they deal with fraud.

Cybercrime now regularly attracts the attention of politicians and the media, and should be a concern to business leaders as well. Our survey gave respondents their first direct opportunity to highlight cybercrime as one of the main economic crimes they had experienced, and over a quarter of those who had reported economic crime in the last 12 months did so. The largest number of these were from the financial services sector.

Our survey shows that organisations need to be clear about exactly what cybercrime is, and who is responsible for managing it.

Economic crime perpetrated externally has increased and fraud carried out by employees within the organisation is declining.

Statistics extracted from the report

  • 47% of respondents said the cybercrime threats have increased over the last 12 months
  • 84% of respondents who identified an economic crime had carried out at least one fraud risk assessment in the last 12 months
  • 19% of UK respondents didn’t perform a fraud risk assessment in the last 12 months. This is a much lower figure compared with the global 29% of respondents
  • Over half of UK respondents reported economic crime in the last 12 months, compared with 34% globally
  • 51% of respondents experienced fraud in the last 12 months (UK)
  • 26% of those who experienced an economic crime in the last 12 months reported a cybercrime
  • 48% of respondents felt that responsibility for detecting and preventing cybercrime falls to the Chief Information Officer, the Technology Director or the Chief Security Officer
  • 66% of respondents said they had reported a cybercrime incident to law enforcement, compared with 76% of those who experienced economic crime
  • 54% of respondents representing organisations with offices in more than 20 countries saw an increased risk from cybercrime in the last 12 months. 35% of respondents representing organisations based just in the UK perceived a similar rise

Cybercrime awareness

  • The most effective way to raise cyber security awareness is through face-to-face training. In spite of this, only 24% of UK respondents received this type of training
  • 33% see cyber security as the responsibility of the Chief Executive Officer and the Board; the global figure is 21%
  • One in five respondents said the CEO and the Board only review these risks on an ad hoc basis

Response to cyber crime

  • 16% of UK respondents said their organisation has in place all five of the measures specified in the survey, compared with 12% of global respondents – see the link to the full report below.
  • 83% were concerned about reputational damage
  • 57% of respondents representing UK organisations have a media and public relations plan in place. The global response was 44%
  • 28% of respondents said they didn’t have any access to forensic technology investigators

Profile of the internal fraudster

  • male
  • aged between 31 and 40
  • employed with the organisation for between three and five years
  • educated to high school and not degree level

Top 5 departments perceived to present the biggest cybercrime risk

| Department | UK | Global |
|---|---|---|
| 1. Information technology | 52 | 53 |
| 2. Operations | 42 | 39 |
| 3. Sales and marketing | 36 | 34 |
| 4. Finance | 37 | 32 |
| 5. Physical/Information security | 22 | 25 |

Find the full report here.
