Attacks involving mobile devices and Facebook may make the headlines, but the clear and present security risk facing organizations lies in the cloud, according to a recent survey of security professionals conducted by RSA Conference.
True, nearly every respondent agreed that allowing employees to connect their own mobile devices, such as an iPhone or iPad, directly to the corporate network would pose a security threat to their organization. But only 2% report their organization having experienced a "serious incident" as a result of an employee's mobile device usage. Likewise, only about 2% reported experiencing a serious security incident as a result of a social networking attack or leak.
If security professionals by and large don't see mobile devices and social networking as one of their top-line security threats, the same can't be said of the cloud. Indeed, 83% of respondents said their organization will move more business processes into the cloud in the next 12 months, typically through software-as-a-service applications, rather than infrastructure or platform services.
When it comes to the cloud, respondents' number-one security concern is controlling access to data, followed by maintaining regulatory compliance, data integrity, and seeing corporate data be co-mingled on shared servers.
The survey also queried security professionals' spending priorities. Given the widespread move to the cloud, perhaps it's no surprise that over the next year, the primary spending priority -- for 49% of respondents -- will be to secure cloud computing. Other security spending priorities include application security (48%), endpoint security (45%), authentication (42%), and mobile or wireless security (32%).
On the budget front, good news: more than half of respondents expect their security budgets to increase from 2010 to 2011.
Interestingly, RSA said that responses to the survey were consistent regardless of company size, even though a majority of respondents hailed from either very large (more than 10,000 people) or very small (fewer than 20 people) organizations.
"What we've discovered is that whether you're a global company or an emerging start-up with five employees, your overall security concerns are the same," said RSA's Sandra Toms LaPedis in a statement. "It's how you address these concerns through technology that varies from a budget and resources perspective."