CSOs are concerned about economic downturn – but excited by Cloud Computing
December 2008 by Marc Jacob
The changing dynamics of risk management, outsourcing and the opportunity for cloud computing were all subjects hotly debated by senior security professionals participating in the London meeting of the CSO Interchange, a high level forum geared to discussing hot topics of the day which took place last Thursday. The overall theme for the day was “Getting smart: managing business better in the new economics” and certainly economic pressures were a consistent undercurrent throughout the day’s discussion groups. The current economic downturn was seen as the greatest risk to organisations today and over 41% listed this as a more significant security risk than threats to data security from disgruntled employees or cyber crime attacks. Against this backdrop SaaS and Cloud Computing were seen as opportunities that would grow significantly over the next five years.
In his opening speech at the event, Qualys CEO, Philippe Courtot, addressed the current economic down, outlining the current consolidation taking place in enterprise software and the corresponding rise of the Software-as-a-Service model – now commonly called Cloud Computing. He predicted that security professionals will conclude that the SaaS model is a more effective alternative for securing data than having enterprises encumbered it with themselves. Cloud Computing attracted some lively discussion during the day across the round tables.
87% of those surveyed believe that Software-as-a-service (SaaS) services will replace enterprise software for mission critical applications within the next five years with 16% even believing this will happen within one year. 63% had already conducted an initial assessment of the value of cloud computing while the rest were now planning to do so. Traditional misconceptions about the security of SaaS are easing with 55% convinced that SaaS makes information easier to secure.
A different risk dynamic is evolving with the economic downturn. Risk and regulatory pressures were seen as key drivers in security strategy Outsourcing has become more prevalent – but not without due regard for essential risk management. 60% of the CSOs are outsourcing security services and 68% of have a complete approach to risk management in place to cover outsourcing.
Merlin, Lord Erroll, one of three keynote speakers at the CSO Event, raised some interesting political questions and considerable cynicism was shown by the assembled group.
95% do not believe that the government will restrict the use of personal communications data for intelligence purposes only 52% are not happy to have their centrally held biometrics data used to clear up general crimes
Most have taken heed of last year’s massive data breaches….47% are now significantly more aware of privacy requirements now compared to one year ago.
These and other interesting findings were revealed in an interactive survey of 30 top ranking professionals from major blue chip organisations taking place at the event organised by Qualys. The survey consisted of 29 key questions relating to business issues of importance to security executives.
Other participating keynote speakers in addition to Lord Erroll, were Stephen Bonner, Head of Information Risk Management at Barclays, gave a practical insight on how to implement a group-wide data privacy programme in over 60 jurisdictions, and Paul Dorey, former CSO for BP and now Chairman of the Institute of Information Security Professionals and Director of CSO Confidential. Paul presented on “Security performance management: how to get the best bang for your buck in the new economics”. Roundtable discussions were led by other influential CSOs and focussed on Cloud Computing, Outsourcing and Information Leakage, Risk Evaluation and the Convergence of Physical and IT Security.