2012 Strategic Security Survey: Pick The Right Battles

Whether its cloud computing, mobile devices, or insecure software, some threats are more prevalent than others. Our latest survey delves into where security pros are putting their resources.

Download the entire May 7, 2012 issue of
InformationWeek
, distributed in an all-digital format as part of our
Green Initiative
(Registration required.)
We will plant a tree for each of the first 5,000 downloads.
Whats the biggest challenge facing security teams? Its not preventing breaches, meeting compliance demands, or even vying for executive attention. Its managing complexity, our
InformationWeek
2012 Strategic Security Survey
finds. Now, weve been running this study for 15 years, and security has never, ever been simple. But over the past decade the threats have piled up; we have too many fancy technologies to deploy and long-winded policies to enforce--with no guarantee that any of them will reduce risk.
So lets break it down. Prioritize the threats most likely to affect your company. If you try to block every conceivable attack, youll stretch your people and resources so thin that something is bound to break. Stop worrying about what you cant control or predict and focus like a laser on where you can make an impact. That includes tried-and-true basics like strong access control. It includes taking a hard look at potential cloud providers security claims, and writing Web apps and business software with an eye toward reducing vulnerabilities. It means being prepared for when a salesperson leaves an iPad in a taxi or has her phone snatched out of her hand.
Well provide guidance on these areas in this article and go into more depth in our full 2012 Strategic Security Survey report. Well also delve into what 946 business technology and IT security professionals from companies with 100 or more employees told us in our latest in-depth look at the security landscape.
Whats In That Cloud, Anyway?
Our
2012 State of Cloud Computing Survey
shows adoption of public cloud on a consistent upward pace; just 27% of 511 respondents from companies with 50 or more employees arent in the market for these services. Unfortunately, in 2011, only 18% of our Strategic Security respondents actually assessed the security of cloud providers. This year, that number jumped to 29%. However, another 14% rely on the self-audit reports vendors provide. An example is the SSAE 16, a widely used set of auditing standards that providers say attest to controls they have in place.
We dont recommend blindly accepting these reports. One reason is that SSAE 16 attestations contain different sets of scope and system descriptions, so one providers SSAE 16 may be dramatically different from anothers. A better bet? The Cloud Security Alliance explicitly lays out a set of security best practices for cloud providers across a variety of domains, including encryption, data center management, cloud architecture, and application security. The CSAs guidelines are much more prescriptive, and the group offers the Security Trust and Assurance Registry, a free, publicly accessible registry that documents the security controls inherent in various cloud offerings. All providers can submit self-assessment reports that document compliance with CSA-published best practices.
When it comes to cloud computing risks, the most prominent concern among our survey respondents is unauthorized access to or leak of customer information. Thats unchanged from 2011. Other top concerns include worries about security defects in cloud technology and the loss of proprietary data.
Research: 2012 Strategic Security Survey

Pick The Right Battles
Our full
2012 Strategic Security
report is available free with registration.
This report includes
44
pages of action-oriented analysis, packed with
38
charts. What youll find: Security guidance on cloud, mobile and more How to get value from collecting security metrics
Get This
And
All Our Reports
To read the rest of the article,
Download the May 7, 2012 issue of
InformationWeek

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
2012 Strategic Security Survey: Pick The Right Battles