Published/updated: December 2011
Patrolling an effective security regime is never a trivial task, despite the relentless development of security technology and services, because the information security management landscape is always challenging and always changing.
In days gone by, though, when the organisation owned and controlled all of the IT components, the information security challenge could at least be bounded, within the confines of the corporate infrastructure.
But nowadays we live in an increasingly ‘wired’ world where more and more people bring their own devices to work and, perhaps more significantly, their web services and social network accounts too. This means that the business world security defences will need to cope not only with all of the old challenges of mobile and remote working but also the new challenges of increasingly blurred boundaries between personal and working lives.
Net-savvy workers like to be always connected so they may look to use their own social media and instant messaging services, even when handling work-related matters. These are the people who might also use their personal web accounts either as workarounds, or to supplement business provided facilities.
For example, the ready availability of cheap, if not completely free, cloud-served data storage capacity can provide workers with quick and convenient data options. A few gigs here and a few gigs there can soon add up to a personal virtual datacentre, populated with a mixture of business-related data and purely personal information.
In the workplace, most of these third-party services will be accessed and used via a web browser, usually requiring no client installation or configuration, which potentially puts them either completely beyond traditional IT management or at least an arm’s length away.
What happens to business-related data once it has gone walkabout from the business environment is uncertain. Data in the wild is almost never as well-managed or as secure as it would be if kept where it properly belongs, and such feral data can pose a number of significant information management issues.
Our research shows that the two biggest concerns in relation to the use of personally acquired equipment and services for work purposes are security and data loss (Figure 1).
These headline concerns are not surprising and have been around ever since mobile and remote working first became established in our IT service portfolios. However, as the consumerisation of IT changes the landscape of the business IT infrastructure, the need for effective counter-measures becomes even more important.
Technology can help, but only as part of a blended approach that also involves user behaviour and business policy. The degree and sophistication of information security technology deployed will, of course, vary according to the needs and nature of the organisation, combined with the sensitivity of the data concerned.
Nevertheless, long-established but rudimentary measures, such as file transfer blocking and website/port/protocol filtering, may need to be supplemented with newer and stronger measures – perhaps using tools for DLP (Data Loss Prevention) – which can improve mitigation of some of the risks associated with the potential loss of business data.
Managing user behaviour is not always so easy, though, because users may not be aware of the business risks involved in properly managing and protecting information and/or the rules and guidelines governing the use of privately-owned web services at work. Our research (Figure 2) indicates that there is scope for the development, deployment and communication of effective end user policies.
It seems that even where end user policies and guidelines for the use of personal equipment and services are in place, they are not widely underpinned by processes to educate users. This may mean that users are not only unaware of important security and compliance issues, such as data protection and privacy, but also unaware of the undesirability of keeping, or using, business information in a private system.
Clearly, key consumerisation messages need to be better shared, understood and accepted, in the interests of mutual responsibilities, obligations and protection.
Incomplete or out of date information is never a sound basis for effective decision-making so it is vital that business information is kept together, in a business information system – not a privately-owned service that is unavailable to colleagues and stakeholders. The worst case is that the most up to date business information is not properly held and protected. As ever, when it comes to protecting business information in a world of growing IT consumerisation, prevention is the best cure but this will require a strong combination of diligence, engagement, communication and co-operation between the employing organisation and the staff owners of personal web services and accounts.