3) With more mobile devices brought into the workplace, what kinds of specific security threats can we expect?
BYOD liberalised the control IT administrators have over device usage within the organisation. With more and more corporate data stored or accessed by devices not fully controlled by IT administrators, the likelihood of data loss incidents directly attributable to the use of improperly secured personal devices will rise in 2012. Trend Micro has predicted that more high-profile data loss incidents via malware infection and hacking will occur in 2012 - as employees carry and work on more mobile devices, they open themselves up to higher risks of mobile malware invading into device users' privacy by stealing personal and corporate data stored.
4) As cloud computing usage becomes more sophisticated, what are the security threats that come with this technology?
Trend Micro envisions that during 2012 and beyond, business will need a more holistic and a smarter security. With the rapid consumerisation of IT and the sophistication of attacks, businesses will need better and faster threat protection that enables business productivity while increasing efficiency and manageability of their security.
Some of the key threats:
- Data Loss/Leakage: Data loss or leakage can have a devastating impact on a business. Beyond the damage to one's brand and reputation, a loss could significantly impact employee, partner, and customer morale and trust. Loss of core intellectual property could have competitive and financial implications. Worse still, depending upon the data that is lost or leaked, there might be compliance violations and legal ramifications.
- Insecure Application Programming Interfaces: Cloud Computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration, and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs. Reliance on a weak set of interfaces and APIs exposes organisations to a variety of security issues related to confidentiality, integrity, availability and accountability.
- Malicious Insiders: The threat of a malicious insider is well-known to most organisations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure.
The impact that malicious insiders can have on an organisation is considerable, given their level of access and ability to infiltrate organisations and assets. Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation.
5) What is the one and most important advice you'd give to IT leaders and personnel in 2012?
Sign up for CIO Asia eNewsletters.