How to stay in charge of company security in the age of social networking
Sociologists have long recognised it: the internet is a powerful force for democracy. Politicians also know this, which is why they seek to control the internet. Now business is learning it too; but unlike the politicians, it is embracing the revolution.
An unstoppable force is knocking at the doors of enterprise Information Technology (IT) departments worldwide. Users are demanding a voice, and attempting to wrest away control.
This is the finding of a new RSA Council Report. Users are demanding, and frequently being allowed, to select which smartphone, which netbook and which tablet their company supplies them.
With years, even decades, of PC and Internet experience now under their belts, most users today are no longer satisfied being passive recipients of technology. Computing is now central to their lives, not just something they do at the office. They want to choose the technologies that will make them most productive and bring them into the enterprise.
The potential is far greater productivity, allowing users to use what they know works best for them personally. The danger is a total loss of security. This is clear from an earlier report published last month, commissioned by RSA but undertaken by IDG:
- Though most companies have policies aimed at preventing or limiting the connection of personal devices to the corporate network, nearly 60 percent of respondents said that unauthorized connections to the corporate network still occur and 23 percent of the largest organizations surveyed have experienced a serious breach or incident because of a personal device on the corporate network.
- More than 80 percent of companies now allow some form of access to social networking sites. Of those companies, 62 percent are already using it as a vehicle for external communication with customers and partners.
- The trend to enable users more access to consumer technologies is viewed in a positive light by most respondents. As many as 63 percent believe that using devices such as netbooks, tablets, smart phones and social media would increase productivity.
- Many companies are not fully prepared to confront this trend from a security standpoint. Just 11 percent feel very confident that they have the right level of security in place to accommodate increased access to consumer devices and applications.
- Only 22 percent of companies surveyed thoroughly calculate the risks associated with consumer technologies and applications before users begin using them for business purposes; 38 percent assess the risks in some cases, but have gaps in their strategies; and up to 40 percent of those surveyed don’t calculate the risks at all.
There is clearly a serious disconnect here. Business is embracing user power and social networks, but not properly assessing the risks. Luckily, RSA has a roadmap for the future:
The key is not to be in denial. User-driven IT is real – start figuring it out now. Don’t let the users control the plan by going around security to bring in restricted devices and access unauthorized applications. As users take the driver’s seat, information security must navigate – allowing users to choose their own types of cars; but explaining what roads are safe to drive on, providing safety requirements for their vehicles, educating them on safety procedures, and putting up guardrails so they don’t go over a cliff.
The report then offers a six-step roadmap:
- Shift Minds to the Times
- Reframe Users as Assets
- Support Calculated Risk-Taking
- Get in Front of Technology Trends
- Own the Future
- Collaborate with Vendors
Rather than viewing the inevitable movement toward user-driven IT as a threat to their control, information security teams can use it as an opportunity to bolster their own value. For enterprises to reap the rewards, they have to be able to manage the risks.
In short, you could summarize the secret to reaping the benefit of greater user involvement without suffering a collapse of security as:
Go for it. Take the bull by the horns and welcome the coming revolution.
Be in charge, and do it under your own terms.