The Council's latest report details four strategies to help enterprises adapt information security programs to help enable business innovation over the next 12 months. These strategies include how to boost risk and business skills, court middle management, tackle IT supply chain issues and build tech-savvy action plans.
The Council's guidance will help enterprises face the impact of the technology adoption of cloud computing, social media, mobile and Big Data. The Council also outlines the major impacts of these trends for security teams and how to address them.
Cloud computing – The accelerated adoption of cloud will push security concerns to the forefront. In order to meet requirements, enterprises will need to find ways to effectively evaluate their providers' security controls - which also includes implementing continuous monitoring.
Social media – Security teams will need comprehensive policies and effective security controls to actively manage the risks of social media. A good social media risk management strategy will need to involve a multidisciplinary team.
Mobile – The risks of mobile adoption continue to increase forcing security teams to have to carefully manage these risks to reap the rewards without major incidents. Security teams will need to build strategies with the understanding that the end-point is not trusted.
Big Data – The value of Big Data will require security teams to build out multi-year plans to properly evolve their security management model. These plans will enable security teams to utilize Big Data to detect and more effectively remediate security threats. To be the most effective security teams must also be involved in any new Big Data projects from the onset in order to understand the impending risks and develop the strategies to manage them.
Eddie Schwartz, Chief Information Security Officer, RSA, The Security Division of EMC, comments: "Information security must evolve in 2013 from reactive perimeter and signature-based approaches, to risk-based programs that protect the most important business assets in whatever context they may exist – cloud, mobile, or traditional data center. To succeed security leaders must invest in intelligence-driven strategies that harness the power of Big Data analytics and agile decision support."