A report from (ISC)² from the start of this year suggested that there were not adequate capabilities in training or knowledge on how to deal with new technologies.
The research found that 59 per cent of its respondents were not following key security and quality processes rigorously. Is this because there is too much confusion over the jargonised terms used and not enough training on these new technologies?
I asked John Colley, managing director EMEA at (ISC)², whether technologies such as cloud, SaaS and mobile device management were posing a challenge to businesses.
Colley said: “If you look at social networking or mobile devices and think about what is going on in most people's personal life, I don't hear of any relationships between what people are doing at work and what is used in a commercial environment and what to do about securing it. People do want to do it so you need to know what the security implications are.
“Interestingly consumerisation is driving a lot of this; people are using stuff and the boundary is becoming very blurred between a home and work life. We have added questions on the cloud and what the risks are and how they learn is part of the CISSP exam. It is not in at the moment, but we continue to address the tasks and add topics in and update references and the training material that comes with it. That is for the new people but for the CPD, they can choose what they want to learn about it.
“The business model is very different and consumerisation is also driving cloud as you can buy access to a cloud service on a personal credit card and how it is controlled is quite different. The business does not know what critical information is being run or stored on it and for a CIO to say that they do not know is not an excuse, as the CISO is meant to be responsible for it.
“Instead of getting ahead of the game, it is all about catching up and organisations are using the cloud and need to know about it. The CISO has to be on top and think about new technologies and have to have skills to deal with them, we have found some organisations have a network security champion or a database security champion.”
A survey by Check Point and the Ponemon Institute found that 31 per cent of its 140 respondents believe the primary concern with emerging Web 2.0, cloud and mobility technology adoption is compliance.
I asked Jericho Forum board member Paul Simmonds whether he felt that IT executives were struggling to keep up with new technologies. He commented that the problem is often that users cannot keep up and often go back to old methods that they have been using for years.
“People are using Android and Apple for applications, saying that with the existing model you can tunnel through the firewall into the environment. Jericho Forum has been saying for ten years that this is a real no-no. You can secure identity and on corporate owned machines, with anti-virus and a VPN, but now with Android, you have unsecured devices with third party software doing the same and proliferating. Three times the connections into the perimeter and access is made,” he said.
“With a lot of new technologies, we are playing catch-up and the issue is we get told ‘we have bought this and we want it integrated’. Consumerisation is the shift in power and business is saying ‘you interact with me’. Provide an application and seeing with corporate IT department and ‘want you to interact with us’.”
How adept you are at keeping up to date with modern technologies could be a factor in how confusing new technologies are, but then again the business could be the biggest driver in your rushed adoption. Either way there is an opportunity to learn, and it may be best to be prepared for the wave rather than behind it.