Emerging security trends and risks
Insights for the business executive
2011 was a remarkable year for IT security.
The frequency and scope of data loss, “distributed denial of service” attacks (preventing legitimate users from accessing a service) and “social hacktivism” (using computer networks for social or political protest) reinforce the need to protect assets in an increasingly connected world. Because it is unrealistic to avoid new connection-enabling technologies, business executives can address emerging security risks by: building a proactive security intelligence capability; developing a unified view of all endpoints, including mobile devices; protecting information assets at the database level; and creating safer social habits.
Protecting against cyber threats in the modern business infrastructure
Enable innovation with secure approaches to cloud, mobility, social business, big data and more.
With headlines touting the financial, political and brand implications associated with modern security breaches, boardrooms are buzzing with the topic of information security. The discussion is fuelled by technological shifts that are expanding the boundaries of business infrastructures. New computing trends like cloud, mobility, and social business can foster innovation, collaboration, competitive advantage and closer connections with customers. But they are also stress points where trust and risk collide - pitting usability and access to information against cyber threats and vulnerabilities. Advances in enterprise computing and a massive accumulation of data have raised the stakes. Business continuity, brand image, financial results and strategic execution are all at risk. As a result, executives have both heightened interest and increased expectations for IT security. Addressing these expectations requires informed, aligned, intelligent risk management that encompasses:
Finding a strategic voice
Insights from the 2012 IBM Chief Information Security Officer Assessment
With explosive growth in connectivity and collaboration, information security is becoming increasingly complex and difficult to manage. Yet, some security organizations are rising to the challenge. Our research reveals a distinct pattern of progression - and distinguishing traits of those that are most confident and capable.
These forward-thinkers are taking a more proactive, integrated and strategic approach to security, highlighting models worth emulating and the emerging business leadership role of the Chief Information Security Officer (CISO).
IBM X-Force 2011 Trend and Risk Report
2011 - Year of the security breach
From mid-year to the New Year - the breach plays on
At mid-year, IBM X-Force declared 2011 the “Year of the Security Breach,” a year marked by a litany of significant, widely reported external network security breaches and other incidents, notable not only for their frequency but for the presumed operational competence of many of the victims.
The second half of 2011 brought continued weekly reports of wide-scale network security breaches, leaving in their wake leaked customer data, inaccessible web services, and billions of dollars of damages. IT security is now a boardroom discussion affecting business results, brand image, supply chain, legal exposure, and audit risk. In the IBM X-Force 2011 Mid-year Trend and Risk Report, we looked at the underlying motivations, the attack methods, and the basic security practices that were circumvented to set 2011 apart as the year of the security breach.
Strategies for assessing cloud security
Cloud computing provides flexible, cost-effective delivery of business or consumer IT services over the Internet. Cloud resources can be rapidly deployed and easily scaled, with all processes, applications, and services provisioned on demand, regardless of the user location or device. As a result, cloud computing helps organizations improve service delivery, streamline IT management and better align IT services with dynamic business requirements. Cloud computing can also simultaneously support core business functions and provide capacity for new and innovative services. Both public and private cloud models, or a hybrid approach using both models, are now in use. Available to anyone with Internet access, public clouds are acquired as a service and paid for on a per-usage basis or by subscription. Private clouds are owned and used by a single organization. They offer many of the same benefits as public clouds, but give the owner greater flexibility and control. Although the benefits of cloud computing are clear, so is the need to develop proper security for cloud implementations - whether public or private. Embracing cloud computing without adequate security controls can place the entire IT infrastructure at risk. Cloud computing introduces another level of risk because essential services are often outsourced to a third party, making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance. Even if IT workloads are transitioned to the cloud, users are still responsible for compliance and data security. As a result, subscribers must establish trust relationships with their cloud providers and understand the risk posed by public and/or private cloud computing environments.