Backup, DR part of security processes: Telsyte

It's high time for enterprises to stop viewing backup and business continuity as separate from their security environment, according to Telsyte analyst and former journalist Rodney Gedda.

Speaking to the NetIQ CSO Security Forum, Gedda said that recent Telsyte research indicated that only a minority of respondents were confident that their backup processes were up to the task of rescuing their business in the event of a serious security incident.

The research also suggests that CIOs aren't yet confident about operating in the cloud, with 41 percent of respondents nominating cloud security as “very important” or critical. Mobile security is also high on the agenda, identified by 54 percent of respondents to the same categories.

In fact, he said, Telsyte's research suggests that few CIOs – even those which are taking their first tentative steps towards the cloud – are confident that the cloud provider's security is adequate, or that the provider's backups would be more effective than their internal processes.

“In the future we will need to see convergence of backup and recovery as part of the security process,” Gedda said. It's not much good to fortify everything – if, when something goes wrong, you can't recover anything.”

It comes as no surprise that respondents to the study remain confused in the face of the bring-your-own-device (BYOD) invasion into the enterprise. CIOs are aware of the growing numbers of staff bringing their own devices; they're concerned at the threats and even reporting rising incidents of attacks arriving via mobile vectors.

He said that 46 percent of CIOs expressed concern about document loss via mobiles; loss of contact lists and mobile application privileges were both nominated as of high concern by 41 percent of CIOs.

In the face of all this, then, it was surprising to find that only 21 percent of respondents intend to deploy mobile device management and security software in the next 12 months, he said.

Gedda also questioned the level of CIO awareness of what's going on in their cloud environment. While they were able to report 15 percent experiencing in mobile attacks and 14 percent rise in social engineering attacks on their companies, only 3 percent believed there had been an attack on their cloud provider.

While some of this represents the relative immaturity of cloud deployment in Australian business, Gedda said, there's also a lack of awareness – particular in a jurisdiction like Australia where breach notification has not yet been mandated by law. This makes it highly likely that security incidents still take place that are not known to the customers.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Can Heartbleed be used in DDoS attacks?

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Security and Control

Protect your users on the web

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.