Today's most compelling technologies are giving you the biggest security headaches. Social networking sites such as Twitter, Facebook and LinkedIn enhance collaboration and help your company connect with customers, but they also make it easier than ever for your employees to share customer data and company secrets with outsiders.
Virtualization and cloud computing let you simplify your physical IT infrastructure and cut overhead costs, but you've only just begun to see the security risks involved. Putting more of your infrastructure in the cloud has left you vulnerable to hackers who have redoubled efforts to launch denial-of-service attacks against the likes of Google, Yahoo and other Internet-based service providers. A massive Google outage earlier this year illustrates the kind of disruptions cloud-dependent businesses can suffer.
But there's also good news. Even though the worst economic recession in decades has compelled you to spend less on outsourced security services and do more in-house, your security budget is holding steady. And more of you are employing a chief security officer.
Such are the big takeaways from the seventh-annual Global Information Security survey, which CIO and CSO magazines conducted with PricewaterhouseCoopers earlier this year. Nearly 7,300 business and technology executives worldwide responded from a variety of industries, including government, health care, financial services and retail.
These trends are shaping your information security agenda. "Every company worries about protecting their data, especially their client data," says Charles Beard, CIO at Science Applications International Corp. (SAIC). "Under the old business model, everyone had to get together in the same building in the same geographical area. Now everyone is using the Internet and mobile devices to work with each other. That's where we see the promise of things like social networking. The flip side is we're exposed to the dark side of cyberspace. Adoption of this technology is well ahead of efforts to properly secure and govern it."
Read on to learn what we found.
Top IT Security Priorities
New investments are focused on protecting data, authenticating users
1. Biometrics
2. Web content filters
3. Data leakage prevention
4. Disposable passwords/smart cards/tokens
5. Reduced or single-sign-on software
6. Voice-over-IP security
7. Web 2.0 security
8. Identity management
9. Encryption of removable media
TREND #1
The Promise and Peril of Social Networking
In less than two years, social networking has gone from an abstract curiosity to a way of life for many people. When someone updates their status on Twitter, Facebook or LinkedIn, they might do it at work by day or on company-owned laptops from home at night.
What gives IT executives heartburn is the ease with which users could share customer data or sensitive company activities while they're telling you what they're having for lunch. Cyberoutlaws know this and use social networks to launch phishing scams. In one popular attack, they send their victims messages that appear to be coming from a Facebook friend. The "friend" may send along a URL they insist you check out. It may be pitched as a news story about Michael Jackson's death or a list of stock tips. In reality, the link takes the victim to a shady website that automatically drops malware onto the computer. The malware goes off in search of any valuable data stored on the computer or wider company network, be it customer credit card numbers or the secret recipe for a new cancer-fighting drug.