Top Three Things to Change About Your Security Strategy

These days, CIOs feel more like zookeepers than IT leaders. Mobility has pushed business information out into external networks. Bring-your-own-device (BYOD) has flooded internal networks with external devices. Cloud computing has forced you to trust someone else with your company’s most precious resources.

We’re still figuring out what the management paradigm will look like once this all settles down. Until then, here are three concrete steps you can take today to get your data, partners, and employees in line.

1. MDM – now

The single biggest threat BYOD brings to the enterprise isn’t malware or corporate espionage. It’s human error. As an IT manager, your most difficult challenges are keeping your users from doing something stupid, auditing behaviors to log how and when bad things happen, and minimizing the damage caused when they do. There are some really interesting technologies on the horizon that will make this easier in the near future, but don’t get distracted. You can take control of your mobile security today by implementing a company-wide mobile device management (MDM) solution.

Regardless of your mobile platform, existing off-the-shelf software can allow you to monitor policy compliance, push system and application updates, log usage, and wipe handsets remotely. The last feature is essential for lost devices or terminated employees. With the right software, you can even install multiple user profiles on a handset, so a “work wipe” won’t remove personal data. Creating a policy that works for everyone will take time, as will provisioning devices. But once you’re up and running, the ongoing payoff is well worth the investment, and you’ll reduce downtime and support costs.

2. Rein in lines of business

They started with Google Docs. They moved to Dropbox. Now your marketing, sales, or customer service executives want to use one of thousands of cloud-based solution providers for project tracking, outbound marketing, or some other function that IT used to manage. This is the time to be firm. There’s nothing wrong with cloud services. They’re responsive, often inexpensive, and they allow your line of business managers to achieve their goals in a nimble fashion. That doesn’t mean you’re not still in charge.

If you allow lines of business to adopt cloud-based services at will, you’re asking for trouble. The security risks are obvious, particularly since “getting around IT roadblocks” is often a big reason to look toward cloud solutions. Compliance risks, for everything from data deletion to backup and storage, are every bit as serious. Finally, data integration will become an issue you’ll eventually have to handle.

Explain your concerns to upper-level management and get buy-in for a policy that requires IT approval for external services. Keep the procedures streamlined and quick. You shouldn’t stop progress, but you’re ultimately responsible for keeping everyone safe. And if you can coordinate among departments, you may be able to save money on a bulk deal.

3. Audit your own partners

Marketing isn’t the only department pushing data to the cloud. You probably have some portion of your CRM, backup, big-data analytics, and ERP managed outside your walls, with more to come, and you’re using those services differently today than you were last year. They may be managing the data, but you’re on the line if something goes wrong. Have your legal department put together a list of all relevant regulations and compliance measures, and audit your partners annually. Vendors should be able to provide evidence of necessary certifications, and if there’s a particularly pressing matter (e.g., physical disposal practices for media storing sensitive information), don’t be afraid to make an onsite visit.

Cormac Foster
Cormac Foster is a writer, consultant, and skeptic who finds enterprise technology more exciting than he probably should. Before coming to ReadWrite, he spent time as an analyst at Jupiter Research (now part of Forrester), a writer at CNET and a business analyst. He's consulted with and written for dozens of tech companies, including Avocent, Research in Motion, Trend Micro and Veracode.
Tags: BYOD,Cloud Computing,IT Security,Technology,Virtualization