Private Clouds, Cyber-security, Privacy: ISACA Issues Guidance on Top 2013 Trends
Added 20th Dec 2012
ISACA, a non-profit global association of more than 100,000 IT audit, security, risk, and governance professionals, released guidance on managing three top trends expected to pose major challenges to Indian businesses in 2013: Private vs. public clouds, cyber-security threats, and data privacy.
Debate over Private vs. Public Cloud
Over the next 12 months, information security concerns will prompt a growing interest in private or hybrid (public/private) cloud solutions. The expected rise of “personal clouds” will add to the challenge of protecting data across multiple platforms. Cost, speed, manageability, and security are the factors most debated in cloud computing.
ISACA’s 2012 IT Risk/Reward Barometer shows that IT professionals remain wary of public clouds; 64 percent believe that the risk of using public clouds outweighs the benefit.
At the same time, the survey found that 66 percent of respondents in India believe that the benefits of the private cloud outweigh the possible risk factors. This finding showed that respondents believe the benefits of private cloud far outweigh the risk when compared with other cloud platforms, such as hybrid (17 percent) and public (15 percent) cloud platforms.
The survey also highlighted that 31 percent of respondents have deployed private cloud for mission-critical services, compared to public cloud (6 percent) and hybrid cloud (7 percent). At the same time, for low-risk, non-mission critical services, enterprises are bullish on deploying public cloud (26 percent), compared to private cloud (22 percent) and hybrid cloud platform (23 percent).
Increasingly Sophisticated Cyber-security Threats in India
Viruses that send unsolicited e-mails and attack web sites, as well as search engine poisoning—where unwitting users are misdirected toward questionable or fraudulent sites—are among the increasingly sophisticated tactics used to capture and exploit consumer data and pose threats to international supply chains.
Due to phishing scams and social engineering attacks, clicking on an e-mail link from a work-supplied computer or smartphone presents a high risk to enterprises, say 56 percent of IT professionals in India.
Avinash Kadam, advisor, ISACA’s India Task Force, says, “With the growing number of cyber threats, it is critical for enterprises to safeguard their information assets. Addressing cyber issues should be considered beyond defining internet policies. It is equally important for enterprises to educate their employees on information risks, as it is not just an IT issue, but also a business issue.”
To address the growing cyber-security concerns in India and throughout the world, a team of ISACA members is dedicated to researching cyber-security issues and developing guidance to help enterprises protect their information assets. ISACA recommends that management address cyber-crime across all areas, including:
• Incident and crisis management
• Cooperation with investigating organizations
Growing Privacy Concerns
In the coming year, IT professionals will have to manage not just threats of data leakage and identity theft, but also growing consumer and employee concerns about data privacy.
Niraj Kapasi, IT auditor and chair of ISACA’s India Task Force, says, “Enterprises in India should be conscious that data protection goes beyond securing servers at datacenters or office premises. With the growing number of cyber threats globally, information risk can come from existing employees, customers, industrial surveillance by competitors, hackers, organized crime, and even foreign governments.” He added, “It is important for business leaders to govern privacy, evaluate the risk around privacy, ensure proper security management and effectively govern sensitive information.”
Enterprises can use the COBIT 5 framework to govern their information and systems. The framework publication is available as a free download at www.isaca.org/cobit.