Upload
seclore
View
182
Download
0
Embed Size (px)
Citation preview
How Secure Is Your Company's Information With the Mobile-Carrying Social Employee?
Posted by Vishal Gupta on February 19, 2014 at 11:22am
View Blog
Over the past few months, I have had the misfortune of losing my laptop and my phone in a New
York cab. Call me careless, but this complete loss of digital identities, brought me to the harsh
realities of security and privacy in the new world. As I look back however, the interesting bit was the
sequence in which I started to worry about things. The first thing that worried me was all the data on
the laptop, I had a backup and all the data was encrypted using Seclore’s own technology so I was
good on that front.
Thank goodness we have a company policy for all employees to do so and I had dutifully complied!
The second thing that worried me was all the data on the phone, the contacts, the texts and all the
account passwords that I had fed into the various applications and the data within those apps. The
last thing that worried me is loss of the devices themselves, the cost of replacement and the time
delays. The sequence of these “worries” was striking and (re)conveyed what is becoming more and
more obvious i.e. if the data is secured, the rest don’t matter!
Paradigm shifting mobile and social collaboration technologies have created an always-connected
workforce. These technologies also present, perhaps the single largest risk to personal and corporate
information. An enterprise’s capability to erect “walls” around corporate boundaries has already
vanished. In fact the corporate boundary (where exactly does one erect the wall?) itself has
vanished. Traditional methods of providing corporate laptops and controlling everything on the
laptop does not extend to the mobile world where everyone likes to make their own decisions on
phones and tablets that they would like to use.
Combined with this lack of control is the increasing need to control. Security concerns and an
increasing societal need for privacy are forcing enterprises to implement and regulators to mandate
stricter controls around data access. Industry specific regulation like HIPAA, PCI-DSS as well as
generic frameworks like ISO and Sarbanes Oxley are becoming more uptight around security and
privacy. Incidents like the data breaches at Target, Heartland and Sony are painful reminders of what
could happen to even well defended systems.
In this context, the question of, “What will it take to secure the BYOD carrying social workforce?”
becomes central. Let’s look at a few options.
The first option is to take controls which have worked historically and embed them in every mobile
device and every social platform. Historically, we have relied on controls over transmission of
information like can I use the USB drive, can I use a personal email ID, can I share using a consumer
file sync-and-share service. All such technologies essentially rely on blocking a particular service, USB
port, Gmail, Dropbox and others, which is seen as a potential risk. Technologies exist today which
can implement the same controls on a personal mobile device. Public social collaboration platforms
however do not provide the same level of control themselves and therefore enterprises have to
either accept these risks or block the platform completely.
The second, perhaps more modern, view that is emerging is to focus on what is really important, and
that is, information. This option essentially relies on protecting the information itself and inserting a
“beacon” within the information which constantly relays its present location as well as provides
capabilities to control the information; in other words, who can use the information, what can the
person do, when and from where. This is a rather large deviation from traditional models where the
focus shifts from protecting the infrastructure like collaboration apps, devices, networks to
protecting the information.
I believe that as we move to an increasingly “borderless” world where mobile phones play a bigger
role in our work life than computers and social collaboration becomes the norm we will be left with
no choice but to protect information itself. Enterprise’s capabilities to govern devices, networks and
applications will consistently go down and the only ownership it can exercise will be over
information.
The bottom line is that information will have to be shared and decentralized but with right checks
and balances. Reputation, intellectual property, loss of public image are just some of the obvious
concerns and today we all understand a serious breach can actually paralyses the entire companies
existence. With consistent careful use of the military grade encryption technologies now readily
available to the enterprise, employers now have the power to "remote control" information even
after dissemination. Explore the right fit for your needs and make sure the compliance is 100% and
you are ready for the new world of social corporate employee.
Vishal Gupta is the founder and CEO of Seclore.
Read more: http://insights.wired.com/profiles/blogs/how-secure-is-company-information-in-the-
hands-of-smartphone#ixzz2yqT62bxn
Follow us: @Wiredinsights on Twitter | InnovationInsights on Facebook