Data security is paramount, and in earlier posts I have referred to the challenge CIOs face in securely permitting staff to access the corporate data store using smartphones and the like. IBM reports that around 90% of IT managers are investing to secure end points within the enterprise.
I confess to being surprised by this high percentage, news of which was released into the wild by IBM at its Pulse2011 event earlier this year by Threat Intelligence Manager Tom Cross.
It’s not rocket science to understand that authorised and unstructured access to corporate data, and the subsequent data security, is a major concern to CIOs. Cross admits that vulnerabilities and attacks exist but that exploitation is not prevalent.
This concern stretches into how people use devices for personal purposes, and it turns out that enterprises are pretty wide open, with around 73% of those surveyed by IBM allowing non-traditional bits of kit such as smartphones and tablets to connect to corporate networks.
Allowing unstructured access to a company’s crown jewels cannot be tolerated, as this week’s highly valued manager can too easily become next week’s hacked-off, promotion-bypassed employee with the potential to wreak havoc through weak data security processes.
Cross offers the following five recommendations to CIOs:
1 – Contain Smartphone VPN Access: Set a firewall policy. Smartphones only need access to certain sites.
2 – Control the installation of 3rd Party Applications: Do you allow unsigned apps?
3 – Establish screen lock password policies: Did you lose a $400 phone or a million dollar contract?
4 – Procedures: Establish procedures for employees to follow in the event that phones are lost or stolen: Can you wipe the phones remotely?
5 – Protection: Evaluate smartphone anti-virus solutions.
While Cross concentrates on smartphones, CIOs must be aware of the risk from even the most benign-looking technologies. Just how fragile an organisation’s security layer could be was driven home to me yesterday with the purchase of an Amazon Kindle.
Amazon gives me my own Kindle email address to which I can email Word documents, PDFs, etc., and I realised that with a few deft keystrokes a disenchanted employee could swiftly transfer your five-year strategy to his e-reader without any trouble at all, take it to a bar, show it to whatever rival would pay for this information, and delete it, hoping there was no electronic vapour trail showing what he or she had been up to!
The good news is that you may still be stuck with a load of legacy systems that rely on Internet Explorer 6, and the scenario above relies on the latest version of Google Chrome. What it does illustrate, however, is that even the most benign technology can contain the seed of something far more serious.
CIOs have to tread a difficult line. On the one hand you have to appear to be open to new technologies to enhance the way your organisation works. On the other you have to retain a deep cynicism about human nature and acknowledge that if someone somehow can throw a spanner in the works they probably will do!