ISACA Survey- IT Leaders in India Believe Mobile Devices Pose a Serious Risk To Enterprises
• 92% of IT leaders believe mobile devices pose a great threat to enterprises
• 43% in India have still not adopted cloud computing for any IT services as part of their plan for 2011
ISACA Survey
ISACA, a nonprofit global association of more than 95,000 IT professionals worldwide, today released the second edition of the annual IT Risk/Reward Barometer survey, which has uncovered several surprising results regarding how risks from mobile devices are perceived and the usage of cloud computing in India.
More than 90 percent of Indian IT leaders believe that mobile devices, whether employer-provided or personal, pose a risk to enterprises. More than 50 percent of respondents in India recognize this risk from mobile devices and said that their enterprises have put policies and systems in place to mitigate the risk arising out of mobile devices use. These security measures include controlling application installations, remote-wipe capabilities, encryptions and password requirements, to name a few. The survey also shows that 56 percent of respondents say that their enterprises do not allow installation of applications on mobile devices used for work activities. Mobile devices, in this case, include smart phones, flash drives, notepads, tablets and broadband cards.
Commenting on the survey findings, Sandeep Godbole, a member of the ISACA India Task Force, said, “Mobile devices and mobile computing are posing tough questions to organizations. These pertain not just to technology but also fundamental questions related to intent and strategy. The survey results are an eye opener and present an interesting dichotomy from the governance of IT perspective. The results indicate a fair level of awareness about technology risk and technology risk management among Indian enterprises. At the same time, they seem to be a bit slow in adopting new technologies and practices that promise significant benefits and value. We need to understand that risk reduction no doubt is important; however, equally important is the ability to generate value and rewards.”
IT risk management becoming more strategic – This year’s IT Risk/Reward Barometer indicates that striking a balance between reducing risk and enabling reward is evolving towards a more strategic, cross-enterprise view. The survey indicates that 87 percent of enterprises have effectively integrated IT risk management with their overall approach to risk management. Increasing risk awareness among employees is considered the most important driver in improving coordination between IT risk management and enterprise risk management.
Commenting on the survey findings, Niraj Kapasi, CISA, chair of the ISACA India Task Force and IT auditor, said, “There has been a gradual improvement in the scenario in India as compared to the previous findings, especially in aligning the enterprise risk management strategy with managing IT risks and also in ensuring that IT is more aligned with business needs. However, much more needs to be done to integrate governance of IT with corporate governance to derive value. ISACA’s COBIT, Val IT and Risk IT provide the right tools for implementing controls, measuring value and managing risk in IT as a part of the overall enterprise governance objectives.
Lack of acceptance of cloud computing in India – According to ISACA’s 2011 Risk/Reward Barometer survey, as many as 43 percent of enterprises in India have still not adopted cloud computing for any IT services as part of their cloud computing plan. In the US, 61 percent of enterprises do not have a definite plan of deploying cloud computing in 2011.
The major concerns in deploying cloud computing, as cited by Indian IT leaders, are security and privacy concerns and the discrepancies in the type of data/service. However, the respondents whose enterprises do use cloud computing noted that cost optimizations and availability, centralized operations, and cost reductions were the primary drivers.
Information security and risk jobs on the rise – In the Indian IT industry, a high percentage (65 percent) of members expects their enterprises’ staffing requirements for information security to increase over the next year, with an additional (34 percent) expecting to remain at current levels. Similarly, 66 percent expect risk management staffing requirements to go up, with 1 percent expecting requirements to drop.
“The government of India has just released additional regulations on privacy and role of intermediaries, increasing the demand for security and risk professionals, and we are going to face a severe crunch unless the numbers are increased quickly. Universities need to have more courses on IT security and IT risk management and students need to have specialized security and risk knowledge and experience to be on top of these issues,” said Kapasi.
I think survey got shocking result but can’t be ignored as well.
We need to take corrective action to remove this threat in future.