Businesses are
becoming hyper-extended enterprises, exchanging information with more
constituencies in more ways and in more places than ever before, said Art
Coviello, EVP of EMC and president of RSA. 
The rapid adoption of nascent web, social, and mobile technologies
combined with the rising use of outsourcing is quickly dissolving what remains
of the traditional boundaries around our organizations and information
assets.  Security strategies must shift
dramatically to ensure companies can achieve their goals to cut costs and meet
revenue targets without creating dangerous new business vulnerabilities.

Commissioned by RSA, a 2009 IDG Research Services survey of
100 top security executives at companies with revenues of $1 billion or more
showed that some companies are so enthusiastic about the potential of new web
and mobile technologies, they are deploying them without adequately securing
critical processes and data.

Key findings include:

* More than 70% of survey respondents believe escalating
levels of connectivity and information exchange powered by new web and
communication technologies are transforming their organizations into
hyper-extended enterprises. 

* The majority of organizations have increased their use of
virtualization, mobility, and social networking over the past 12-24 months,
with more than one-third reporting an increase in cloud computing.

However, many of the responding companies do not have adequate strategies to
assess the risks involved in adopting these new technologies.  In some organizations, the corporate security
department is only brought in when problems occur and in others, security is
not even informed before these new technologies are used. 

* Less than half of respondents have developed policies for employees to guide
the use of social networking tools and sites. 

* More than 30% of the responding companies already have at
least some enterprise applications or business processes running in the cloud,
with another 16% planning to begin migration within the next 12 months.  Among these, two-thirds do not yet have a
security strategy in place for cloud computing.

* More than 8 of 10 respondents are concerned that pressure to cut costs and
generate revenue has increased their exposure to security risks. More than 7 in
10 have experienced a security incident in the last 18 months. The majority of
respondents agree they need to change and improve their approach to enterprise
security strategy to accommodate the realities of the hyper-extended
enterprise.