A new, global study on information security by Ernst & Young underscores the need for enterprises to take on an “information-centric” view, to align security with the flow of business information. “It is about understanding how information flows between customers and your trading partners, identifying the stuff that is sensitive and securing it in the most appropriate way,” says Paul Mahan, partner in technology and security risk services, Ernst & Young New Zealand. “This means stepping away from the technological solutions and understanding the flow of information of your partners and customers, and doing what we call a security risk assessment of the whole flow of information.”
This admonition comes on the heels of the results of the 12th Ernst & Young Global Information Security Survey. The report cites the imperative to take on a more information-centric view of security amidst increasingly connected businesses, and a mobile and global workforce.
This perspective is also important as enterprises adopt virtualisation and move some of their functions to the cloud environment. The survey finds more companies are adopting virtualisation and cloud computing but few are considering their IS implications.
The survey finds 91 per cent of New Zealand companies use virtualisation, compared to 67 percent globally. On cloud computing, around 70 per cent of New Zealand respondents say they are evaluating it, compared to 36 per cent globally.
New Zealand is very much early adopters of technology where there is a cost benefit, says Mahan. Some corporates will start to move some of their back office type systems and functions to the cloud computing environment. “This raises a whole lot of questions about security and it comes back to an information view of security.”
We need to understand what our outsourcers are doing with the data, he says. “Once outsourcing comes into play, companies need to understand what their service providers are doing with their information, what threats they are exposed to and what security measures are in place.”
He says organisations need to ensure they ask the right questions and have the right clauses in their contracts to manage the associated risks.
Senior executives from around 1900 organisations across major industries in 60 countries were interviewed from June to August 2009 for the report.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.