Security and risk governance
Ecosystem Not Enterprise
Gartner predicts that by 2017, the proportion of IT corporate spending—that which will be spent outside the internal IT organization—will rise from 38%, at present, to over 50%.
Changes to the business model and underlying IT functions are driving the need for a clearer, better approach to information security governance. One that’s increasingly flexible in its response and quicker in dealing with business change and the need for innovation. Read the full report, Security and Risk Governance, find out how organizations are addressing threats.
Adoption of cloud services—part of the change—is driven by organizations’ desire to reduce costs, increase flexibility, and quickly adapt to future business requirements. The result: Organizations no longer own the end-to-end operations of their IT organizations. The assets belong to, and are under control of, a remote third party. The data held in that infrastructure is still owned by the organization, so it remains legally responsible for it. Still, the data is processed out of the organization’s direct control and potentially in multiple geographic locations.
The increasing demand for mobility and access to any data, at any time, at any place, and on any device has coincided with the increased use of personal devices. Moreover, this access is no longer restricted to employees. Partners, third parties, and customers also need access to core system information.
This means your organization’s data may be processed and held externally, and used on noncorporate devices, all of which is out of your direct control. Yet, this data is still your organization’s lifeblood, and it’s still the organization’s responsibility to ensure full compliance with regulatory and privacy-related requirements.
So, what are the new governance requirements and resulting risks arising from this New Style of Business? With an ever more technologically advanced business operation, organizations face even more sophisticated high-tech cyber threats. The news is full of recent cyber events, resulting in significant financial impacts and personal consequences after attacks within global businesses. As a consequence, there is a greater need to manage new risks.
An organization can only plan for appropriate defense strategies to manage and prevent cyber breaches by understanding these risks and balancing them against the business opportunity that change enables. This requires an information governance structure in which everyone knows who is responsible for what, who reports to whom, and what steps need to be taken to defend against and respond to a cyber-attack. It’s essential to lay out your organization’s structure to manage these elements and ensure that today’s business requirements are reflected in a business-led security governance and management structure. This enables your organization to be prepared to face today’s cyber risks and handle them appropriately.
To learn more, read the full report, Security and Risk Governance.