Serious gaps remain between cyber concerns, investments

CompTIA 2012 Information Security Trends Survey

The idea that mobile and cloud are forcing changes in public and private IT security is not new, but agencies and businesses still may not be adequately prepared for the accompanying threats, according to a new study. The introduction of new technologies into the workplace opens doors to innovation and productivity, but it also introduces new vulnerabilities. Addressing those dangers requires a forward-looking security stance that incorporates a range of measures, prioritizing what is most critical and accounting for evolving trends and developments.

“In an increasingly digital, interconnected world, cybersecurity affects more organizations on more levels than ever before,” CompTIA’s tenth annual Information Security Trends report, released this month, states. “Organizations are faced with ever evolving threats and at the same time, organizations must balance the need to allow workers the freedom to leverage the most powerful aspects of technology, such as mobility, information sharing and collaboration.”

Of the more than 500 organizations, largely private sector, surveyed by CompTIA, it seems most are taking note. The majority -- 57 percent -- said their organizations have implemented at least a moderate amount of change in their security approach over the past two years, with another 10 percent reporting a drastic amount of change.

More than half said the primary driver for change has been shifts in IT operations, including moving to the cloud and incorporating mobility. Security breaches at other organizations and internal breaches also were among top reasons for making changes to security strategy.

But are the changes enough? Participants in the study cited Internet-based applications, mobility and social networking as top concerns; however, they continue to invest most heavily in more conventional areas of IT.

“A main theme we’re seeing is that the security changes are a response to the different ways companies are using technology and the different tools and systems available to them,” said Seth Robinson, director of technology analysis at CompTIA.

But despite those rapid changes, security is not necessarily seeing commensurate upgrades, and Robinson highlighted the disparity between top concerns and top investments.

“It comes from a traditional mindset -- they’re still thinking about a secure perimeter where confidential corporate information is stored inside, with the primary concern being someone coming in and stealing it,” Robinson said. “That’s still a concern, but now, with mobile and cloud, that notion of a secure perimeter is eroding rapidly. They have to take a different approach to securing data and against different threats that may present security risks.”

Robinson pointed out that although federal agencies were in the minority and were not singled out in the study, the themes are similar within the government IT security landscape as well, albeit at a slower pace than in industry.

“We’ve found that government agencies tend to be a little more conservative with their approach. With something like cloud, agencies are more cautious in its use because they have security and compliance concerns. And yet with that caution they still try to use the technology because it has such great benefits,” he said. “Even though some government agencies are not using mobile or cloud in the same way a private organization would, they still try to some degree, and to that degree they need to consider the pros and cons in enabling employees versus risks that could occur.”

Whether public or private, organizations need to do more of that risk analysis, Robinson said, adding that adequate -- and ongoing -- staff security training is critical as well.

“Risk analysis is becoming a very important part of security -- a lot of companies are finding they can’t just say, ‘Let’s secure everything as securely as possible,’” he said. “Another priority is realizing... that you can’t just assign security to the IT department anymore, because technology is getting used more and more throughout the organization. You have to expand your notion of your center of expertise.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
