Category Archives: Security

Cloud Security Not Roadblock for Majority of C-Level

The fourth edition of the ITGI Global Survey Results has been posted by ISACA.

A total of 834 surveys were completed, of which 704 were received through the online survey and 130 were gathered by telephone. The surveys were conducted in the native language of the interviewees, and included Chinese, Czech, Dutch, French, German, Japanese, Polish, Portuguese, Russian and Spanish.

Cloud is a murky term, but here are some highlights I found in the report.

Service providers already run, or will soon have, mission-critical technology for almost half of the executives surveyed:

60 percent use or are planning to use cloud computing for non-mission-critical IT services, and more than 40 percent use or are planning to use it for mission-critical IT services. For companies that do not have plans to use cloud computing the main reasons are data privacy and security concerns.

A whopping two-thirds do not see legacy infrastructure as an obstacle.

More than one-third of the survey respondents reported significant legacy infrastructure investments that are inhibiting their cloud computing plans

On the other hand, there are still areas of concern. Some applications are considered too risky by four-fifths of executives!

The use of Facebook or Twitter at work is not highly prized; only one out of five respondents believes that the benefits of employees using social networking outweigh the risks.

The report also differentiates responses by size of company.

Cloud computing-related concerns about security, data privacy and legacy infrastructure investments are generally higher in large enterprises than in small ones.

Although large-enterprise concerns about cloud are higher than those of small enterprises, the survey also shows that IT “innovation” is more likely in a large enterprise.

Slightly more than half of large enterprises have implemented or plan to implement initiatives to promote IT innovation, compared with 40.3 percent of small enterprises.

Infrastructure and Platform (IaaS and PaaS) seem to be getting the green light, but Software (SaaS) services such as social networking still have not overcome privacy concerns for the vast majority of executives — more red than yellow. That makes sense to me. SaaS is the least transparent of the three levels and has a history of mistakes.

White Hat Missing; Feared Lost

Wired has raised further concern about a security researcher who disappeared.

A well-known security researcher and cybercrime foe appears to have gone missing in Bulgaria and is feared harmed, according to a news organization that hosts a blog the researcher co-writes.

Bulgarian researcher Dancho Danchev, who writes for ZDNet’s Zero Day blog, is an independent security consultant who’s garnered the enmity of cybercriminals for his work tracking and exposing their malicious activity. He has often provided insightful analysis of East European criminal activity and online scams.

His last Twitter update was October 20th, 2010, and his last blog entry was September 11th, 2010.

A big clue in the case is that Danchev supposedly sent an “insurance” letter with photos to a friend before he disappeared. The letter accuses the Bulgarian government of monitoring him. The wiring in the photos, however, is exposed and easy to see; it does not look like professional surveillance work, which I would suspect Danchev also knew.

Android Security Patch Delayed: SD Card Exposed

Metasploit gave Google a bit of a roast yesterday.

They accuse the software giant of failing to protect users by delaying a fix for a vulnerability (announced last November) and putting it only into Android 2.3 (the “Gingerbread” release).

A fix for what, you may ask:

Perhaps the easiest win though, is that you can grab anything off of the SD card. You might ask, “Anything?! What about the user separation?” Well, because the SD card has been formatted with the “vfat” (aka “fat32”) file system, there is no concept of ownership. All files are owned by the same user id since the file system itself cannot encapsulate who created which file. As Thomas said, files in the SD card that have predictable names are ripe for the picking. This includes pictures and movies. These may in fact be some of the most private data on your device.

Android 2.3 is currently only on 0.4% of Android phones.
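The quoted post turns on one property of the SD card: a vfat mount has no per-file owner, so the uid separation that protects app data elsewhere does not apply there. The audit below is an added example (not code from Metasploit, Google or this blog) that reads mount-table lines in /proc/mounts format and flags mounts whose filesystem type cannot record ownership, reporting the single uid every file on them is presented as. The mount lines are constructed sample input, not captured from a real device.

```python
"""Flag mounted filesystems that cannot record per-file ownership.

On such mounts (vfat / fat32 among them) every file is presented as belonging
to one mount-wide uid, so anything allowed to read the mount can read every
file on it regardless of which app created it.
"""

# Filesystem types with no per-file uid/gid on disk.  Assumption for this
# example: the set is limited to the FAT family named in the quoted post.
NO_OWNERSHIP_FS = {"vfat", "msdos", "fat"}

# Constructed /proc/mounts sample: an ext4 data partition, a vfat SD card
# mounted with a fixed uid, and a tmpfs mount.  Not from a real device.
SAMPLE_MOUNTS = """\
/dev/block/mtdblock6 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/vold/179:1 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0702,dmask=0702 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
"""


def parse_mounts(text):
    """Yield (mount_point, fstype, options) for each /proc/mounts line.

    Options are returned as a dict; flag-style options such as 'rw' map to ''.
    """
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or blank line: skip rather than guess
        _device, mount_point, fstype, optstr = fields[:4]
        opts = {}
        for opt in optstr.split(","):
            key, _, value = opt.partition("=")
            opts[key] = value
        yield mount_point, fstype, opts


def audit_ownership(text):
    """Return {mount_point: finding} for mounts whose files all share one uid."""
    findings = {}
    for mount_point, fstype, opts in parse_mounts(text):
        if fstype in NO_OWNERSHIP_FS:
            uid = opts.get("uid", "0")  # FAT mounts default to root's uid
            findings[mount_point] = (
                f"{fstype}: no per-file ownership; every file is presented "
                f"as uid {uid}, so any process that can read the mount can "
                f"read any file on it")
    return findings


if __name__ == "__main__":
    for mount_point, finding in audit_ownership(SAMPLE_MOUNTS).items():
        print(f"{mount_point}: {finding}")
```

On a real system, feed `open("/proc/mounts").read()` to `audit_ownership` instead of the sample; the ext4 and tmpfs entries are deliberately left out of the findings because they do carry per-file owners.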

RSA 2011 San Francisco: Cloud Investigations and Forensics

I will be presenting at RSA 2011 in San Francisco:

Session ID: CLD-204

Title: Cloud Investigations and Forensics

Scheduled Session Times: Wednesday, Feb 16, 1:00 PM

Room: Orange Room 305

Abstract: Cloud computing’s growth in popularity has been due to the lure of inexpensive and redundant storage, computation and services. This presentation provides an analysis of what happens when things go wrong, by looking at real-world cloud computing investigations and digital forensics. It proposes a set of technical and legal recommendations to reduce risk.

Session Classification: Advanced

I am Speaking at RSA Conference 2011 - February 14-18 - San Francisco