Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Pros Straining To Lock Down Emerging Tech

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010

Businesses have been quick to embrace mobile devices, cloud computing, and social networking. But information security professionals report that they're now in a state of constantly having to play catch-up, both in terms of obtaining the needed know-how for securing these new technologies, as well as actually keeping them secure enough for business use.

That finding comes from a new study from market researcher Frost & Sullivan, sponsored by the International Information Systems Security Certification Consortium, or (ISC)2. The study is based on a Frost & Sullivan survey of 10,413 information security professionals from around the world. Of the respondents, 72% were (ISC)2 members.

"In the modern organization, end users are dictating IT priorities by bringing technology to the enterprise, rather than the other way around," said Robert Ayoub, global program director of network security for Frost & Sullivan, in a statement. "Pressure to secure too much, and the resulting skills gap, are creating risk for organizations worldwide."

For example, 70% of surveyed information security professionals said that they need better skills for securing clouds. At the same time, more than half of organizations already have private clouds in place, and more than 40% of security professionals themselves now use software-as-a-service applications.

To address the skills gap, many security professionals are regularly turning to training and education. According to the survey, the top areas that information professionals expect to receive training in over the next year are risk management (for 47%) and application and system development security (41%). The latter is notable since, according to the survey, respondents ranked application vulnerabilities as the biggest threat to their organizations. On a related note, 20% of information security professionals now report they're involved in secure software development.

Meanwhile, other training and education priorities for the upcoming year include forensics (39%), end-user security awareness (39%), security architecture and models (38%), access-control systems and methodology (38%), security management practices (37%), and business continuity and disaster recovery planning (34%).

Despite the skills gap, the survey found that the security field is largely in good health. Three out of five information security practitioners saw their salary increase in 2010, and most firms plan to increase their information security spending. For 2010, Frost & Sullivan estimates that there are 2.28 million information security professionals worldwide, and expects that figure to nearly double by 2015, to almost 4.2 million jobs.