APAC enterprises lack 'proper, systematic' security approach

Companies in region well aware of security issues and evolving threats but many do not have holistic security strategy, which compounds risks, Hewlett-Packard execs say.

SINGAPORE--Enterprises in the Asia-Pacific region might be "well aware" of security issues and evolving threats but lack of proper tools and systematic approaches are hampering their risk mitigation efforts.

That was the observation of Daniel Lee, Asia-Pacific & Japan regional director of Hewlett-Packard's (HP) TippingPoint group, who added that companies need to understand that normal security solutions cannot solve "advanced and evolving" problems.

Speaking to ZDNet Asia at the sidelines of a security briefing organized by HP Thursday, Lee said being "well aware" of security issues is not enough and there is still a lack of understanding among enterprises in the region with regard to having a holistic approach to safeguarding their organizations and the data they own.

Wong Loke Yeow, regional marketing director of enterprise security at HP Asia-Pacific & Japan, one of the speakers at the briefing, added that companies' priorities should be on managing information risk in the era of mobile, cloud computing, IT consumerization and social media.

Other focus areas include protection against sophisticated cyber threats, improving reaction time to security incidents, reduction in costs and spending wisely to achieve compliance in a predictable and cost effective way, Wong noted.

Both executives' comments seem timely given the findings revealed by a HP-commissioned study from Coleman Parkes.

Released Sep. 13, the study showed that more than 40 percent of executives polled believe that security breaches within their organizations have increased during the last year. Additionally, 46 percent indicated that their companies had experienced a security breach by unauthorized internal access while 39 percent stated that their companies suffered an internal breach.

Furthermore, 70 percent of the senior business and IT executives polled expressed that the number and complexity of risks and threats continue to rise, the study showed. Only 27 percent of those polled indicated that their organizations are well-defended against security threats, it stated.

The survey was conducted between July and August this year and consisted of 550 interviews with senior business and technology executives from enterprises and mid-market businesses in regions including Asia-Pacific, North America, Europe, Middle East and Latin America.

Trust, security necessary for cloud
With regard to cloud computing security concerns, Christopher Whitney, managing director of HP Labs Singapore, said trust, or the lack thereof, is a "key barrier". He cited the Fujitsu Research Institute 2010 survey, which found that 88 percent of potential cloud customers were worried about who had access to their data and would like awareness of what goes on in the backend.

To mitigate this, Whitney told ZDNet Asia after the briefing that trust is central in the relationship between cloud users and service providers and users need to have the guarantee that their data will be secure.

With larger scale adoption of cloud, more aspects of security are expected to be included in service level agreements for such services, he predicted.

Whitney echoed the point made by Neelie Kroes, vice president of digital agenda at European Commission (EC), earlier this month. In an earlier report, she said cloud computing plays an integral role in the new digital age but trust and security needs to be consistently instilled for people to be comfortable in such and environment.