Home > All, Security Issues > How to stay in charge of company security in the age of social networking

How to stay in charge of company security in the age of social networking

Sociologists have long recognised it: the internet is a powerful force for democracy. Politicians also know this; which is why they seek to control the internet. Now business is also learning it; but unlike politicians, they are embracing the revolution.

An unstoppable force is knocking at the doors of enterprise Information Technology (IT) departments worldwide. Users are demanding a voice; and attempting to wrest away control.

Re-calibrating Information Security for Choice Computing

Re-calibrating Information Security for Choice Computing

This is the finding of a new RSA Council Report. Users are demanding, and frequently being allowed, to select which smartphone, which netbook and which tablet their company supplies them.

With years, even decades, of PC and Internet experience now under their belts, most users today are no longer satisfied being passive recipients of technology. Computing is now central to their lives; not just something they do at the office. They want to choose the technologies that will make them most productive and bring them into the enterprise.

The potential is far greater productivity, allowing users to use what they know works best for them personally. The danger is a total loss of security. This is clear in an earlier report last month, commissioned by RSA but undertaken by IDG:

  • Though most companies have policies aimed at preventing or limiting the connection of personal devices to the corporate network, nearly 60 percent of respondents said that unauthorized connections to the corporate network still occur and 23 percent of the largest organizations surveyed have experienced a serious breach or incident because of a personal device on the corporate network.
  • More than 80 percent of companies now allow some form of access to social networking sites.  Of those companies, 62 percent are already using it as a vehicle for external communication with customers and partners.
  • The trend to enable users more access to consumer technologies is viewed in a positive light by most respondents.  As many as 63 percent believe that using devices such as netbooks, tablets, smart phones and social media would increase productivity.
  • Many companies are not fully prepared to confront this trend from a security standpoint.  Just 11 percent feel very confident that they have the right level of security in place to accommodate increased access to consumer devices and applications.
  • Only 22 percent of companies surveyed thoroughly calculate the risks associated with consumer technologies and applications before users begin using them for business purposes, 38 percent assess the risks in some cases, but have gaps in their strategies and  up to 40 percent of those surveyed don’t calculate the risks at all.

There is clearly a serious disconnect here. Business is embracing user power and social networks; but not properly assessing the risks. Luckily RSA has a roadmap for the future:

The key is not to be in denial. User-driven IT is real – start figuring it out now. Don’t let the users control the plan by going around security to bring in restricted devices and access unauthorized applications. As users take the driver’s seat, information security must navigate – allowing users to choose their own types of cars; but explaining what roads are safe to drive on, providing safety requirements for their vehicles, educating them on safety procedures, and putting up guardrails so they don’t go over a cliff.

The report then offers a six step roadmap:

  1. Shift Minds to the Times
  2. Reframe Users as Assets
  3. Support Calculated Risk-Taking
  4. Get in Front of Technology Trends
  5. Own the Future
  6. Collaborate with Vendors

Rather than viewing the inevitable movement toward user-driven IT as a threat to their control, information security teams can use it as an opportunity to bolster their own value. For enterprises to reap the rewards, they have to be able to manage the risks.

In short, you could summarize the secret to reaping the benefit of greater user involvement without suffering a collapse of security by

Go for it. Take the bull by the horns and welcome the coming revolution.
Be in charge, and do it under your own terms.

The Rise of User-driven IT: Re-calibrating Information Security for Choice Computing

Categories: All, Security Issues
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s