As we look down the road at what the next year holds, let’s take a look at the biggest perceived data threats in 2012. It’s hard not to think about Roland Emmerich’s movie 2012, but hopefully our predictions for potential threats will be a little less apocalyptic than the ones in the movie. Perhaps a little more sensible and realistic.
There are some excellent reports out there on this topic – the Ponemon Institute released “The 2012 State of the Endpoint Report” and “Aftermath of a Data Breach.” Great resources.
In general, confidence in security is not doing very well. Sixty-six percent of people, according to the studies, felt that they are not more secure than they have been in previous years or are at least unsure about their level of security. And, that may or may not be an accurate reflection of the reality. Maybe it’s in part due to the level of coverage that breaches receive and the larger scale, hacktivism type of attacks that occurred over the course of the last year. We are either in a state where people don’t trust information security or we’re in a state of change, a sort of crossroads that remains to be seen. Regardless, there are some big decisions that need to be made.
Thinking about some of the emerging trends from last year, incidents of viruses and malware rose from about 27 percent of organizations to 43 percent of organizations. However, the organizations that made data protection a priority saw that same percentage drop significantly from 61 percent to 29 percent. So what’s going on here really?
I think what’s going on is that we’re seeing organizations actually being more concerned about other issues. In fact, I think the reason is that they think they’re going to have more important things to worry about. Not to say that malware and viruses are not real problems. They certainly are. But the big ticket items I think that are really causing concern this huge growth in mobility. The increase in the number of and the range of mobile platforms is a real challenge.
Inevitably, there’s this wave of concern building around cloud computing and how we manage cloud as it starts to grow in its impact on the enterprises. So these are what I think are diverting attention away from some of the old staples of security discussion: Mobility, resources, data mobility, mobile platforms, consumerization and cloud are absolutely huge challenges.
So what is on the rise? Mobility, hands down. Organizations saying that there was a significant risk posed by mobile devices such as smartphones and tablets increased dramatically. Nine percent of 48 percent of organizations foresee this as a problem. We’re seeing mobile platforms being increasingly targeted. Also there’s the exponential growth in the Bring Your Own Device (BYOD) realm. There’s a consumerization aspect; average employees are walking into the organization saying please connect my phone, tablet, etc. There was a study published end of last year by the Computer Technology Industry Association on the use of mobile devices in healthcare. They said that at the end of last year about 30 percent of doctors were actually already accessing medical records online through applications running out on smartphones and tablets. And that number is likely to grow to something like 50 percent by the end of 2012. The challenge of managing that and of extending controls in place to cover those devices is a very significant one. It’s not really any surprise that we see a big jump in the concern about mobile devices and mobile computing on a broader scale.
Another trend that’s on the rise is the increasing amount of virtualized environments. The 2012 State of the Endpoint Report showed 52 percent of organizations felt that their investments in virtualized environments of some kind are going to increase over the course of the year, or have already increased over the course of the year. It’s sobering to note that almost half the organizations don’t have at least one, single department dedicated to virtualization security. Most organizations simply share the responsibility between departments, which blurs the boundaries of who owns what.
Other increases, which aren’t really surprising, are that 91 percent of organizations saw third party or internal cloud computing risks increase. Most organizations are planning to increase their investment in the use of the cloud. It’s probably also no great surprise that a lot of organizations are still struggling with what that cloud strategy should look like. Forty-one percent say they didn’t really have a cloud strategy yet and frankly, I can’t blame them because it is a complex question. The strategy has to embrace the entire organization and yet the very nature of the way a lot of cloud services are delivered tends to undercut the central control of the typical IT and security organization by essentially delivering services to individual business units and sometimes individual users. It’s a complex problem and it’s getting more complex.
Stay tuned for the next post, where we’ll continue looking at data threats to watch out for in 2012.