More than 90 percent of Indian IT leaders believe that
mobile devices, whether employer-provided or personal, pose a risk to enterprises,
according to ISACA.
More than 50 percent of respondents in India recognize
this risk from mobile devices and said that their enterprises have put policies
and systems in place to mitigate the risk arising out of mobile devices use.
These security measures include controlling application installations,
remote-wipe capabilities, encryptions and password requirements.
The ISACA survey
also shows that 56 percent of respondents say that their enterprises do not
allow installation of applications on mobile devices used for work activities.
Mobile devices, in this case, include smart phones, flash drives, notepads,
tablets and broadband cards.
Mobile devices and mobile computing are posing tough
questions to organizations. These pertain not just to technology but also
fundamental questions related to intent and strategy. The survey results are an
eye opener and present an interesting dichotomy from the governance of IT
perspective,” said Sandeep Godbole, a member of the ISACA India Task Force.
The results indicate a fair level of awareness about
technology risk and technology risk management among Indian enterprises. At the
same time, they seem to be a bit slow in adopting new technologies and
practices that promise significant benefits and value. We need to understand
that risk reduction no doubt is important; however, equally important is the
ability to generate value and rewards,” Godbole added.
Striking a balance between reducing risk and enabling
reward is evolving towards a more strategic, cross-enterprise view. 87 percent
of enterprises have effectively integrated IT risk management with their
overall approach to risk management. Increasing risk awareness among employees
is considered the most important driver in improving coordination between IT
risk management and enterprise risk management.
There has been a gradual improvement in the scenario in
India as compared to the previous findings, especially in aligning the
enterprise risk management strategy with managing IT risks and also in ensuring
that IT is more aligned with business needs,” said Niraj Kapasi, CISA, chair of
the ISACA India Task Force and IT auditor.
However, much more needs to be done to integrate
governance of IT with corporate governance to derive value. ISACA’s COBIT, Val
IT and Risk IT provide the right tools for implementing controls, measuring
value and managing risk in IT as a part of the overall enterprise governance
objectives,” Kapasi added.
According to ISACA’s 2011 Risk/Reward Barometer survey,
as many as 43 percent of enterprises in India have still not adopted cloud
computing for any IT services as part of their cloud computing plan. In the US,
61 percent of enterprises do not have a definite plan of deploying cloud
computing in 2011.
The major concerns in deploying cloud computing, as cited
by Indian IT leaders, are security and privacy concerns and the discrepancies
in the type of data/service. However, the respondents whose enterprises do use
cloud computing noted that cost optimizations and availability, centralized
operations, and cost reductions were the primary drivers.