Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Cloud adoption takes precedence over security: Ernst & Young

Some 69 per cent of Australian companies have adopted Cloud but information security low on the priority list, finds survey

Some Australian companies consider Cloud adoption more important than an updated information security strategy according to research conducted by consultancy firm, Ernst & Young.

In its latest Global Information Security Survey which surveyed 1,700 companies including 165 in Australia, 76 per cent of respondents said there was an increasing level of risk due to external threats.

However, only 42 per cent of the firms surveyed had updated their information security strategy in the past year.

Ernst & Young Australia information security leader, Mike Trovato, said in a statement that this posed a risk as 69 per cent of Australian companies surveyed were using or considering the use of Cloud computing services within the next 12 months.

“Despite increasing Cloud adoption, many organisations in Australia are still unclear of the security implications of Cloud and are slow to adopt [strategies] therefore falling behind their global counterparts,” Trovato said.

“What we are seeing are organisations either moving to the Cloud prematurely and without appropriately considering the associated risk, or avoiding it altogether,” he said.

However, 66 per cent of respondents were in favour of an external Cloud certification, with 35 per cent added that the certification should be based only on an agreed-upon standard.

The survey also found that few Australian organisations had sought certifications or done their own security site assessments.

“So, while their greatest fear is losing sight of data in the Cloud, few actually go looking for controls,” Trovato said.

“While there is work being done in this area globally, organisations cannot rely on external bodies to address all of the risks associated with Cloud computing,” he said.

“The risks are undoubtedly significant and must be managed within an organisation by implementing formal IT risk management procedures.”

Turning to the risks posed by social media, 55 per cent of Australian respondents indicated that they were implementing policy adjustments, while 48 per cent had introduced security and social media awareness programs. In addition 44 per cent planned to limit access to sites such as Twitter and Facebook.

Trovato added that 11 per cent of respondents were presenting information security topics at each board meeting while 40 per cent were presenting topics every quarter. However, only 49 per cent stated that their information security strategy was meeting the needs of the company.

“It’s time that security was elevated to the board room with a defined strategy that will support the business in the Cloud and elsewhere," he said.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Ernst & Young, Ernst & Young, Facebook
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cloud, cloud security, Ernst & Young, information security
Latest Blog Posts
Whitepapers
  • Look both ways - Protecting your data with content inspection
    Today’s threat environment is as dynamic as the business world in which we operate. As the communications channels we use continue to proliferate and evolve, so too have the vulnerabilities. Finding the right balance between ensuring the security of sensitive data, enabling the free flow of information and making full use of the latest web-based technologies can be a challenge. Deep content inspection is a vital layer in any unified information security strategy, helping organisations to take control over their information assets while proactively protecting against malware and data leakage. Read on.
    Learn more »
  • Case Study - TNT Express successfully reduces their paper usage and costs using a new document solution
    in 2009 TNT decided to evaluate the market for new head office multifunction devices (MFD) as their current MFD fleet was almost seven years old. The objective was to reduce the number of devices and improve productivity, meet TNT’s future technical requirements and reduce the total cost of ownership of the equipment. They were also looking for a provider who would provide cost and service reporting as well as help streamline their electronic archiving requirements via the scanning of dockets and documents. Read on.
    Learn more »
  • Maximise Software Cost Savings by License Reharvesting, Recycling & Applying Product Use Rights
    Software asset management (SAM) is a complex process that enables organisations to gain control of their software estate from both a license compliance and financial standpoint. In many organisations, SAM represents one of the few remaining ways that substantial IT savings can be realised. McKinsey and Sand-Hill Group estimate that 30% or more of IT budgets are consumed by software license and maintenance costs. By optimising the SAM process, organisations can maximise software utilisation, reduce the risk of non-compliance (audits, fees, penalties), and reduce overall IT costs by as much as 5 to 10% per year. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments