The global information systems organization ISACA is urging businesses to prepare for tough decisions in the year ahead in three areas: data privacy, cloud computing, and increasingly complex cyber-threats.
Interest in private or hybrid (public/private) cloud solutions is expected to grow because of information security concerns, according to ISACA.
Meanwhile, cybersecurity threats are expected to continue to become more sophisticated and pose threats to consumer data and international supply chains.
And consumer and employee concerns about data privacy are growing, according to ISACA.
“Privacy by design, confidentiality of location-based information, the consumerization of IT, and an increase in legislative and regulatory mandates that will drive more privacy audits are among the top 2013 trends in data privacy that ISACA anticipates will need to be addressed,” Greg Grocholski, ISACA’s international president, said in a news release.
This is the state of IT as 2013 is set to begin. Cloud computing, though associated with risks, provides an opportunity for efficiencies, and employees armed with smartphones need access to data to accommodate their flexible work schedules.
The experience of New Jersey-based CPA firm WithumSmith+Brown during Hurricane Sandy late in 2012 demonstrated the value that cloud computing can bring to a business. Business interruption was minimal because the firm had moved mission-critical applications to the cloud and employees could get access to necessary data as long as they could get to a location with power and an internet connection.
“I attribute our ability to continue as a firm, to operate without any issues, to the fact that we’ve embraced the whole cloud concept,” firm partner Jim Bourke, CPA/CITP/CFF, CGMA, said in November.
Because of such benefits, cloud use is increasing. Seventy-six percent of organizations polled in the United Kingdom that are using cloud services expect to increase their use over the coming year, according to a Cloud Industry Forum whitepaper. Among those not using cloud-based services, 26% said they plan to adopt them within the next 12 months. Overall, 59% of organizations are in or headed to the cloud, according to Ernst & Young’s 2012 Global Information Security Survey, up from 44% in 2011.
In a September survey of AICPA members in public accounting firms, 11% of respondents said that their firms exclusively use cloud-based applications, infrastructure, and platforms for their technology needs. Another 33% said that they use business-grade cloud solutions—such as accounting, bill management, or payroll applications—in certain areas of their practice. Nearly 10% of those not using cloud services are actively planning to adopt cloud technology, while 46% are planning to remain cloud free.
Asked what they saw as the biggest barriers to adopting or expanding cloud technologies, more than 60% of the AICPA survey respondents pointed to security concerns, although more than 85% said they are very or reasonably confident in their cloud vendors in the event of a data breach or security problem. The next most frequently cited cloud concerns were change management (43%) and skepticism about how much value the cloud provides (42%).
Public versus private clouds
Sixty-nine percent of North American respondents, 68% of European respondents and 63% of Asia Pacific respondents in ISACA’s 2012 IT Risk/Reward Barometer survey said the risks of using public cloud services—where resources are hosted and managed outside company firewalls—outweigh the benefits.
But the private cloud, where resources are available within the corporate firewall, was more widely accepted, with 57% of respondents in North American, Europe, and Asia saying the benefits of using the private cloud outweigh the risks.