New Tech Straining Security Pros

The growing use of new technologies like mobile devices and social networking has drastically changed the way government agencies and companies do business, but they're also stretching information security professionals thin, according to a new survey.

The 2011 Global Information Workforce Survey by Frost & Sullivan and (ISC)2 found that new threats stemming from mobile devices, the cloud, social networking and insecure applications, as well as the added responsibility of addressing the security concerns of customers, are straining the already overworked information security workforce.

The survey of 10,413 information security professionals from companies and public sector organizations worldwide also found a severe gap in the skills needed by information security professionals across the board. Many reported a need for better training, particularly on cloud computing. For example, more than 50 percent of respondents reported having private clouds in place, while more than 70 percent reported the need for new skills to properly secure cloud-based technologies.

Application vulnerabilities were ranked as the top threat to organizations by 72 percent of respondents, making them a significant new area of focus for security professionals worldwide. The security of mobile devices ranked second on the list of highest concerns, even though most reported that their organization has policies and technology in place to meet the security challenges of mobile devices.

Security professionals also expressed concern about social media threats, with many reporting inconsistent policies and protection for end users visiting social media sites. Just under 30 percent of professionals had no social media security policies whatsoever.

Other threats, such as viruses and worms, hackers and internal employees, all fell in significance as top threats compared with 2008, the most recent year of the study.

The report also estimates that there are 2.28 million information security professionals worldwide, with demand for such professionals expected to increase to nearly 4.2 million by 2015. The main drivers for the continued growth of the profession are regulatory compliance demands, greater potential for data loss via mobile devices and the mobile workforce, and the potential loss of control as organizations shift data to cloud-based services.

In addition, nearly two-thirds of respondents said they don't expect to see any increase in budget for information security personnel and training in 2011. Despite the global recession, however, three out of five respondents reported receiving a salary increase in 2010, the study found.

"We need a paradigm shift in our global cyber security strategy to address the skills gaps revealed by the study," said W. Hord Tipton, executive director of (ISC)2. "(ISC)2 believes it will take a combined effort of industry, government, academia and the profession to attract and educate a new generation of high-quality information security personnel and equip current professionals to address the latest threats."

The U.S. government-specific results of the study will be featured in a separate report to be released in late March, (ISC)2 said.