Some Australian companies consider Cloud adoption more important than an updated information security strategy according to research conducted by consultancy firm, Ernst & Young.
In its latest Global Information Security Survey which surveyed 1,700 companies including 165 in Australia, 76 per cent of respondents said there was an increasing level of risk due to external threats.
However, only 42 per cent of the firms surveyed had updated their information security strategy in the past year.
Ernst & Young Australia information security leader, Mike Trovato, said in a statement that this posed a risk as 69 per cent of Australian companies surveyed were using or considering the use of Cloud computing services within the next 12 months.
“Despite increasing Cloud adoption, many organisations in Australia are still unclear of the security implications of Cloud and are slow to adopt [strategies] therefore falling behind their global counterparts,” Trovato said.
“What we are seeing are organisations either moving to the Cloud prematurely and without appropriately considering the associated risk, or avoiding it altogether,” he said.
However, 66 per cent of respondents were in favour of an external Cloud certification, with 35 per cent added that the certification should be based only on an agreed-upon standard.
The survey also found that few Australian organisations had sought certifications or done their own security site assessments.
“So, while their greatest fear is losing sight of data in the Cloud, few actually go looking for controls,” Trovato said.
“While there is work being done in this area globally, organisations cannot rely on external bodies to address all of the risks associated with Cloud computing,” he said.
“The risks are undoubtedly significant and must be managed within an organisation by implementing formal IT risk management procedures.”
Turning to the risks posed by social media, 55 per cent of Australian respondents indicated that they were implementing policy adjustments, while 48 per cent had introduced security and social media awareness programs. In addition 44 per cent planned to limit access to sites such as Twitter and Facebook.
Trovato added that 11 per cent of respondents were presenting information security topics at each board meeting while 40 per cent were presenting topics every quarter. However, only 49 per cent stated that their information security strategy was meeting the needs of the company.
“It’s time that security was elevated to the board room with a defined strategy that will support the business in the Cloud and elsewhere," he said.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU