It's high time for enterprises to stop viewing backup and business continuity as separate from their security environment, according to Telsyte analyst and former journalist Rodney Gedda.
Speaking to the NetIQ CSO Security Forum, Gedda said that recent Telsyte research indicated that only a minority of respondents were confident that their backup processes were up to the task of rescuing their business in the event of a serious security incident.
The research also suggests that CIOs aren't yet confident about operating in the cloud, with 41 percent of respondents nominating cloud security as “very important” or critical. Mobile security is also high on the agenda, identified by 54 percent of respondents to the same categories.
In fact, he said, Telsyte's research suggests that few CIOs – even those which are taking their first tentative steps towards the cloud – are confident that the cloud provider's security is adequate, or that the provider's backups would be more effective than their internal processes.
“In the future we will need to see convergence of backup and recovery as part of the security process,” Gedda said. It's not much good to fortify everything – if, when something goes wrong, you can't recover anything.”
It comes as no surprise that respondents to the study remain confused in the face of the bring-your-own-device (BYOD) invasion into the enterprise. CIOs are aware of the growing numbers of staff bringing their own devices; they're concerned at the threats and even reporting rising incidents of attacks arriving via mobile vectors.
He said that 46 percent of CIOs expressed concern about document loss via mobiles; loss of contact lists and mobile application privileges were both nominated as of high concern by 41 percent of CIOs.
In the face of all this, then, it was surprising to find that only 21 percent of respondents intend to deploy mobile device management and security software in the next 12 months, he said.
Gedda also questioned the level of CIO awareness of what's going on in their cloud environment. While they were able to report 15 percent experiencing in mobile attacks and 14 percent rise in social engineering attacks on their companies, only 3 percent believed there had been an attack on their cloud provider.
While some of this represents the relative immaturity of cloud deployment in Australian business, Gedda said, there's also a lack of awareness – particular in a jurisdiction like Australia where breach notification has not yet been mandated by law. This makes it highly likely that security incidents still take place that are not known to the customers.