RSA Report Reveals Gaps in Information Security Programs

Accelerated enterprise adoption of Big Data, mobile, social media and cloud computing introduces significant gaps in security programs.

RSA, The Security Division of EMC, released a report of the Security for Business Innovation Council (SBIC) that assesses how disruptive innovation, considered analysis of Big Data, cloud computing, enterprise mobility and social media will transform the IT field business and strengthen the foundation of information security strategies in 2013.

The most recent report of the SBIC, called “Information Security Shake-Up: Disruptive Innovations to Test Security’s Mettle in 2013,” is inspired by the art and the real experiences of 19 security leaders including ABN Amro, AstraZeneca, Coca-Cola, eBay, FedEx, EMC, Fidelity Investments, Johnson & Johnson, and Wal-Mart, who represent some of the world’s most innovative security organizations.

At most organizations, the C-suite ‘gets it’ but security teams now face resistance from middle managers who don’t want to expend their resources on security. Security teams must build these relationships, helping middle managers to understand security’s value, the SBIC report says. The top executives in large part already understand and prioritize information security. But getting the same involvement of middle managers will probably be an even greater challenge, according to the report.

Cloud computing, social media, big data, and mobile devices are the big disruptive technologies facing security teams in the New Year, according to the SBIC.

The study details four strategies to help businesses adapt information security programs to stimulate business innovation in the next 12 months. These strategies include how to improve the risk and business skills such as seeking middle management, resolving problems with supply IT chain and how to build action plans with technology savvy. It also highlights the major impacts of these trends for security teams and how to address them.

1. Cloud Computing – The accelerated adoption of cloud will increase security concerns. To meet the requirements, companies must find ways to effectively evaluate the security controls of their service providers, which also includes implementing continuous monitoring;
2. Social Media – Security teams need comprehensive policies and effective security controls for managing risks in an active social media. A good risk control strategy will need to involve a multidisciplinary team;
3. Mobility – The risks of adopting mobility continue to increase, forcing security teams to carefully manage the risks to obtain benefits without major incidents. They will need to form strategies assuming that the end point is not reliable;
4. Big Data – The value of Big Data requires that security teams to formulate plans for several years to evolve adequately its security management model. These plans allow security teams use big data to detect and remedy with more efficiency security threats. To be most effective, team need to be involved in new projects from the beginning to understand the dangers of denying and develop strategies to manage them.

Information security must evolve in 2013 as a perimeter reactive and signature-based approaches to risk-based programs that protect the most important assets of the company in all contexts – cloud, on mobile devices or in traditional data centers. To succeed, leaders must invest in smart security strategies that use the power of Big Data analysis and agile decision support.