Information security in a borderless world
Time for a re-think: Transform your security program to improve business performance
The 3rd Kuwait Information Security Conference
25 - 26 May 2011

Meraj Ahmed
Partner, Advisory Services Kuwait
Technology Sector Leader, Ernst & Young – Middle East & North Africa
Meraj is a partner in Ernst & Young MENA and leads the Technology Sector for this region. He has extensive international experience in IT governance and strategy, technology management and enablement, and IT risk and security, gained during more than 25 years of advisory services experience, of which 15 have been in regional leadership roles. He has worked widely within the public/government, financial and telecom sectors.
Meraj earned his MBA from the Wharton Business School, University of Pennsylvania, and has been a speaker at numerous international and regional seminars and conferences.

Introduction
Over the last year, we have witnessed a significant increase in the use of external service providers and the business adoption of new technologies such as cloud computing, social networking and Web 2.0. We have also seen technology advances that have provided an increasingly mobile workforce with seemingly endless ways to connect and interact with colleagues, customers and clients. Together, these changes are extending the enterprise, blurring the lines between home and office, co-worker and competitor and removing the traditional enterprise boundaries. It is within this changing business environment that our 2010 Global Information Security Survey specifically examines how organizations are adapting and addressing their information security needs.

Insights on information security
60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices at work.
While only 52% of organizations indicate data leakage is a top “new” increased risk.
87% of organizations believe the damage to reputation and brand is the most significant issue related to data loss.
Yet, only 10% of respondents indicated that examining new and emerging trends is a very important activity for the information security function.
However, 61% are not making policy adjustments or increasing security awareness to address these new threats.
Source – Ernst & Young’s 2010 Global Information Security Survey

Borderless security
New technology means new risk
Given current trends toward the use of such things as social networking, cloud computing and personal devices in the enterprise, have you seen or perceived a change in the risk environment facing your organization?
60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise.
Shown: percentage of participants

Mobile computing
Organizations are recognizing the increased risks associated with mobile computing and are taking steps to address the issues
Compared to the previous year, does your organization plan to spend more, less or relatively the same amount over the next year for the following activities?
50% of respondents plan on spending more over the next year on data leakage/data loss prevention technologies and processes.
Shown: Percentage of participants

Cloud computing
Risks associated with cloud computing are not going undetected and must be addressed before business applications are moved to a public cloud
Which of the following “new” or increased risks have you identified?
39% of respondents cited the loss of visibility of what happens to company data as an increasing risk when using cloud-based solutions.
Note: Multiple responses permitted
Shown: Percentage of participants

Social media
Few companies have thoroughly examined the social media issue and developed an approach that will balance the business opportunity with the risk exposure
How important is information security in supporting the following activities in your organization?
Only 10% of respondents indicated that examining new and emerging IT trends was a very important activity for the information security function to perform.
Shown: Percentage of participants

Our perspective
Borderless security
Establish a comprehensive IT risk management program that identifies and addresses the risks associated with new and emerging technologies.
Undertake a risk assessment exercise to identify potential exposure and put in place appropriate risk-based responses.
Take an “information-centric” view of security, which is better aligned with the organization’s business and information flows.
Increase the investment in data leakage prevention technologies, encryption and identity and access management solutions — focusing on the people who use the technology.
Gain an understanding of the risks created by the use of new technologies — including technologies adopted personally by employees that may be used for business purposes.
Information security policies should be reviewed and adjusted appropriately to establish the acceptable use and any specific restrictions related to mobile computing devices.
Increase security awareness training activities for the mobile workforce.
Push enterprise security out to end-point devices to protect critical business information and provide better alignment with the organization’s risk profile.
Assess the legal, organizational and technological risks as well as the security issues related to placing information into the public cloud.
Develop a company strategy, a governance model and an operational approach to cloud computing use, including the information security function to help define policies and guidelines.
Set standards and minimum requirements to enable your organization to adopt cloud computing in as secure a manner as possible.
Provide the online communities and social collaboration tools that the new workforce expects, but do so with a view that aligns enterprise requirements with personal responsibility to protect sensitive business information.
