An increase in use of external service providers and business adoption of new technologies such as cloud computing, social networking and Web 2.0 will raise information security risk, said a survey.

While the risk may increase for 60 per cent of respondents, less than half (46 per cent) intend to increase their annual investment in information security, according to Ernst & Young’s 13th annual Global Information Security Survey.

Information security systems must expand and adapt to meet the demands of the enterprise in an evolving borderless world, the study said.

Less than a third of global businesses have an IT risk management programme in place capable of addressing the risks related to the use of new technologies.

In spite of the rapid emergence of new technology, just one in ten companies consider examining new and emerging IT trends a very important activity for the information security function to perform, according to the study.

“The region is seeing one of the fastest uptakes of smart mobile devices in the world and the demand for access to corporate and sensitive data from remote locations has grown in tandem,” said Wasim Khan, Mena IT services and telecom leader, Ernst & Young.

“Over the next few years, we expect companies to come alive to the security risks posed by mobile and online leakages and upgrade their security infrastructure.”

Srikant Ranganathan, partner, IT advisory Ernst & Young Bahrain, added: “In the Mena region, the Government and public services sector has been at the forefront of the adoption of Internet based customer reach.”

“This has brought on risks to which they were previously unexposed to.  The correct focus on protection against these new risks is critical to the success of these initiatives.”

Over half of respondents state that increased workforce mobility poses a considerable challenge to the effective delivery of information security initiatives.

This is due to the widespread use of mobile computing devices which allows individuals to access and distribute business information from anywhere at any time. For almost two-thirds (64 per cent) of those surveyed, employees’ level of security awareness is recognized as a considerable challenge.

Half of respondents plan to spend more over the next year on data leakage and data loss prevention – a seven percentage point increase from last year.

To address potential new risks, 39 per cent are making policy adjustments, 29 per cent are implementing encryption techniques and 28 per cent are implementing stronger identity and access management controls.

“Increased mobility and limited control over end-user devices can also cause problems. This is especially true when trying to implement effective and efficient business continuity and disaster recovery capabilities,” added Wasim.

Cloud computing services are gaining greater adoption: 23 per cent of respondents are currently using cloud computing services and a further 15 per cent are planning to use it within the next 12 months.

When asked if an external certification of cloud service providers would increase trust, 85 per cent of respondents said yes, with 43 per cent stating that the certification should be based upon an agreed standard and 22 per cent requiring accreditation for the certifying body.

“Companies and Information security leaders are facing a changing business environment, where traditional enterprise boundaries are quickly evaporating. It is also an environment driven by an increase in workforce mobility, greater adoption of cloud computing services and a growing use of social media and collaborations tools within the enterprise,” Wasim said.

“Organizations will be pressed for both time and resources to mitigate the risks involved but will have no choice but to address them,” he concluded.

Nearly 1600 respondents from 56 countries, including from the Middle East, took part in the study. – TradeArabia News Service