Only around a third of respondents admitted to having an accurate inventory of staff and client personal data, while a similar number said they accurately recorded locations and jurisdictions of stored data.

According to the survey, some 88% of consumers have a mobile device they use for themselves and at work, but most businesses (55%) have no strategy covering the use of personal devices in the office.

One analyst said: “Many organisations underestimate the value of the information already held within their IT systems. But the only way to effectively identify cyber threats or other network issues is to have 360⁰ visibility in every piece of data your IT systems generate.

“The need for a proactive and continuous view of all activity has never been more important. And organisations should understand the security benefits that Big Data analytics and potentially provide.”

The report also shows that while security incidents are being reported in increasing numbers, only 45% planned to spend more on security over the next year.

In fact, separate research shows that 52% of British firms haven’t increased the security element of their IT budget in five years. But over three quarters (77%) would be motivated to increase their security spend by data breach penalties such as ones being mulled over by the EU.

Source: net-security.org/

Only around a third of respondents admitted to having an accurate inventory of staff and client personal data, while a similar number said they accurately recorded locations and jurisdictions of stored data.

According to the survey, some 88% of consumers have a mobile device they use for themselves and at work, but most businesses (55%) have no strategy covering the use of personal devices in the office.

One analyst said: “Many organisations underestimate the value of the information already held within their IT systems. But the only way to effectively identify cyber threats or other network issues is to have 360⁰ visibility in every piece of data your IT systems generate.

“The need for a proactive and continuous view of all activity has never been more important. And organisations should understand the security benefits that Big Data analytics and potentially provide.”

The report also shows that while security incidents are being reported in increasing numbers, only 45% planned to spend more on security over the next year.

In fact, separate research shows that 52% of British firms haven’t increased the security element of their IT budget in five years. But over three quarters (77%) would be motivated to increase their security spend by data breach penalties such as ones being mulled over by the EU.

Source: net-security.org/

The survey of 250 IT private and public sector decision makers revealed that just over 60% of organisations use a cloud-based service. The figure in 2011 was under half – 48%.

More firms are trying out services before they commit – just under 60% had completed a pilot study before deciding on a supplier.

And CIF chair Andy Burton stressed that these trials were important to establishing trust between provider and customer, and so should always be available.

There are now also more meaningful industry-wide standards, and cloud contracts, previously a barrier to the adoption of cloud services, adds the CIF.

However, security and data privacy remain key concerns for those who migrate to the cloud. It’s a primary worry for over three quarters of those in the private sector and 90% in the public sector, reveals the survey.

Other concerns included fear of losing IT control, supplier lock-in, the cost of migration and data sovereignty.

However, 92% who used cloud services said they were happy, with 75% planning to use the services more over the next 12 months.

Cost savings and flexibility were cited as the main factors behind the increased cloud adoption.

Only 8% of those surveyed said they would not use cloud services in the next year.

Burton added: “The challenge now is about integrating cloud in the wider IT agenda of the business, and managing it.”

The CIF now says that, by the end of next year, over three quarters of British firms will have at least one cloud service, and that, among current users, a similar number would increase their cloud computing budget.

Source: ComputerWeekly.com 

When it comes to memory sticks, research has indicated that, for many organisations, there is a security gap. With so much focus on protecting networks from external threats, it’s all too easy for USB drives to slip through the net.

Employees regularly use their own drives to transport files without IT department approval. Equally, many organisations don’t know how many memory sticks are in use, and whether these store sensitive data.

Customer records, business and marketing plans have all reportedly been copied on to unprotected USB drives.

The first step is to ensure that your company-wide data security policy includes USBs, and that these guidelines are published to all staff, so that everyone understands the role they have to play in this aspect of data security.

Here are some points to include:

• Only USB drives issues by the IT team should be used. At any one time, your organisation should know who is using which drive – and why.
• No personal drives should be hooked up to any of your company’s networks.
• All data transferred to a USB drive must be automatically encrypted to 256-bit AES standards. Use hardware rather than software encryption. Windows users can also encrypt any USB drive using BitLocker To Go.
• Data transferred to memory stick should also be backed up so it can be recovered if lost or damaged.
• Using a lot of these mobile drives? Find a supplier offering a central control panel so your IT team can update encryption, passwords and so on remotely. Drives should also be able to be remotely terminated.

It’s easier and quicker than you may have realised to take steps to include USBs in your company’s security policy, and take care of this potentially worrying issue.

Intelligence agency GCHQ says it was experiencing attacks at an unprecedented level, including theft of intellectual property, and attempts at taking sensitive information.

Director Iain Lobban said in the booklet’s foreword: “The magnitude of these attacks is a genuine threat to our national security. Cyber security is one of the biggest challenges we face today.

“And the technical level of cyber-attacks is growing exponentially. “

Foreign Secretary William Hague, whose remit includes GCHQ, added: “Cyberspace knows no borders. Businesses must make themselves aware of the dangers. We are committed to helping reduce vulnerability to attacks, ensuring that Britain is the safest place in the world to do business.”

CSEG, GCHQ’s security arm, has released new cyber security guidelines, along with the Department of Business, Innovation and Skills, and the Centre for the Protection of National Infrastructure. These are aimed at helping the private sector to mitigate the threat to business assets.

The guidance builds on a key objective of the Government’s Cyber Security Strategy to work closely with industry to make the UK a secure place in which to do business.

Source: ComputerWeekly.com 

That’s according to the results of new research from LANDesk. The software firm surveyed 200 IT professionals, 60% of whom said they knew personal devices accessed the corporate networks. Perhaps surprisingly, just 43% said they were aware when these products were logged on.

Equally, only 23% had clear policies surrounding the use of personal mobile gadgets at work, and only a quarter were confident they could stop viruses from penetrating the corporate environment.

Around 90% of respondents also expressed concern over the potential for viruses and the safety of the company’s information.

Increasingly, of course, companies are giving corporately owned devices to staff (over three quarters, says the research) but, again, fewer than half knew when a corporate device accessed the network. And only slightly over half (51%) said they could remotely delete data from lost or stolen devices.

LANDesk’s Andy Baldin said: “Even when policies are in place, company after company has lost confidential data, and seen their core services interrupted by security breaches. IT departments are failing to take mobile device security safely. Yet the use of smart devices is only going to become more prevalent, so IT teams should be able to service mobile devices from anywhere.

“Our survey suggests the stable door is not just unlatched, it’s been left wide open. A serious security breach via an employee’s personal mobile device is only a matter a time. “

Source: Computer Weekly.com

The law now obliges website owners in the UK to ask users for permission before installing the pieces of code, or cookies, which store and pass on personal information about browsing activities to others.

The changes come from an amendment to the EU’s Privacy and Electronic Communications Directive, and became the law in Britain in May last year with a year-long grace period giving firms time to comply.

Now a study from KPMG of businesses a month before the compliance deadline has shown that, of a sample 55 sites, just 5% complied with the new rules. The research also found that the majority of the government’s own sites would not be compliant in time for the deadline.

Carried out at the end of May, the study revealed that while half the sample had updated their privacy policy, just one in five British businesses in the private and public sectors complied.

While this suggests a 15% improvement, it still indicates that over three quarters of UK organisations have not changed their websites to comply with the EU privacy directive.

The Information Commissioner’s Office (ICO), which says it has received many complaints about cookies, can impose fines of up to £500,000 but has said it prefers using enforcement notices if businesses are working towards full compliance.

The most recent survey from KPMG also shows that most of the compliant sites are depending on “implied consent” rather than giving surfers the definite choice to opt in or out.

Providing extra information on cookies, including links to relevant information, does not mean full compliance.

KPMG also stressed there is lingering confusion over what needs to be done for full compliance. Equally, organisations must balance the need for compliance with the potential business impact of changing their website.

The four steps needed for full compliance are:

• Auditing websites to identify which cookies are served
• Assessing the intrusiveness of the cookies to determine how prominent cookie consent notices should be.
• Deciding a consent strategy for the website
• Implementation of the consent strategy – this needs technical and operational changes to the website.

Source: Computer Weekly 

While it’s true that many tecchie phrases come and go (information superhighway, anyone?) cloud computing seems to have stuck – and it is used to refer to many different kinds of IT operations. In fact, the sheer amount of ground this concept covers is one of the very reasons making it so hard to pin down.

Equally, cloud computing often means something different to, say, a salesman, a programmer and a systems administrator, each of whom will have a different perception of what it means – another reason why definitions vary.

Within its first few paragraphs, Wikipedia’s page on the subject offers no fewer than 10 different types of public cloud computing, giving a sense of the scale of the topic.

One definition from the National Institute of Standards and Technology, a US government agency includes these characteristics:

• On-demand self-service
• Services can be accessed from anywhere with a mobile phone
• Resource pooling
• Scalability
• Measured billing – only pay for what you use

For many, especially small and medium-sized enterprises, Amazon web services are still the most important part of cloud, with a huge range of services on offer.

However, there is no really definitive list of what constitutes cloud-based services. Although the industry is working towards regulated sets of features, these still don’t exist. There is no final checklist for being able to use the word “cloud” in your advertising, and no legal obligations.

But – does it matter? After all, “Internet” and “World Wide Web” were used interchangeably in the 1990s and most people were able to communicate successfully with both.

Today, cloud has been used interchangeably with “virtualisation” for a while – and those that truly understand the difference may be in the minority.

Source: TechRepublic.com

At a speech at the Digital London Conference, deputy director of the UK government’s digital service Tim Loosemoore said cloud-based services would be one of the British economy’s main drivers in the years ahead.

Income from public IT cloud services are predicted to reach well over £40bn as soon as 2015. Around a quarter of that will probably be concentrated in Western Europe, while private cloud solutions could add up to another 20%.

However, there are increasing calls for rules surrounding cloud computing across borders to be less rigid. A study from the Business Software Alliance (BSA) found a “patchwork” of different laws and regulations which could hinder the flow of data between countries, and prevent the cloud from reaching its potential.

The Global Cloud Computing Scorecard benchmarking the cloud readiness of 24 nations reveals barriers to growth, and proposes a number of guidelines for boosting cloud-based economic opportunity.

The UK ranks seventh in the list of 24 countries. But, even here, businesses must register their data sets with the regulator, which the BSA describes as an “unnecessary burden”.

Thomas Boué, director of government affairs at the BSA, says: “EU Data Protection Regulation presents opportunities for cloud development. But the risk is that too many compliance obligations could have a chilling effect on digital commerce and the cloud.

“In a truly global cloud market, laws do not have to be identical in every country but they do need to be compatible.”

BSA offers a seven-point policy blueprint for expanding economic opportunity in the cloud, including encouraging openness and free trade between nations while providing robust protection against cybercrime and the wrongful use of cloud technologies.

Source: Businesscloud.com