BW Communities

When The Boundaries Blur

BW Online Bureau Nov 08, 2014

<?xml version="1.0" encoding="UTF-8"?><root available-locales="en_US," default-locale="en_US"><static-content language-id="en_US"><![CDATA[Our personal and professional lives are increasingly blending together. Smart devices are being used for a blend of personal and business tasks, and for accessing entertainment and carrier-provided services. At the same time, an influx of young, tech-savvy workers are having a tremendous impact on companies and their IT organizations. They enter the workforce with tremendous energy and new ideas, but also with their own set of preferred tools and applications–from mobile devices and laptops to social networking tools which have become prevalent in Indian enterprises. Employees want to use the devices they prefer and are less willing than ever before to live with IT mandated devices. Today, enterprises across different verticals are encouraging the entry of smart devices into the corporate network. Choice is the new paradigm.  At the same time, it creates new security and management challenges for IT organizations. Symantec 2012 State of Mobility Survey revealed that 53 per cent of respondents consider mobility as somewhat to extremely challenging and 40 per cent of respondents identified mobile devices as one of their top three IT risks. This trend, often referred to as "the consumerization of IT," is causing the explosion of information beyond the four walls of an office to a mind-boggling variety of devices and platforms, many Indian enterprises are at a loss to define and establish policies and processes that guide appropriate usage and protect the most valuable asset – information.  Security Implications As A Result Of Adopting Smart Devices As smart devices become more ubiquitous, attackers are making them their target both as a means to access the data stored in it and as a direction for gaining access to the business network or introducing malware onto it.  Symantec's latest Internet Security Threat Report XVI revealed a 42 per cent increase in mobile vulnerabilities in 2010. The consumerization of IT is forcing organizations to support a wider array of technologies, and mobility allows people to connect from any location. Enterprises face unique challenges for the security and management of smart devices as many users either bring their own personal devices into the enterprise or use their business devices for personal use. Further since device downtime could result in business disruption, the inability for a technician to service a customer or prevent a salesman from providing a potential customer with critical and timely information, organizations need the ability to respond efficiently to device problems. Many enterprises lack the ability to adequately support and extend access to various consumer devices which puts both corporate data and business communications at risk. Just managing these devices is hard enough, and securing the information on them can be a bigger challenge. Counter Measures Against The Security Issues As IT becomes increasingly consumerized, the new challenges require a fundamental shift in the way Indian enterprises approach the connected world which means they protect and manage identities and information, regardless of the device, the location, the infrastructure - physical or virtual. Today, enterprises need to implement a security strategy that is risk-based and policy-driven, information-centric and operationalized across a well-managed infrastructure. Organizations that choose to embrace mobility, without compromising on security, are most likely to improve business processes and achieve productivity gains. To this end, organizations should consider developing a mobile strategy that defines the organization's mobile culture and aligns with their security risk tolerance. Some key recommendations include: Enable Broadly: Mobility offers tremendous opportunities for organizations of all sizes. Explore how you can take advantage of mobility and develop a phased approach to build an ecosystem that supports your plan. To get the most from mobile advances, plan for line-of-business mobile applications that have mainstream use. Employees will use mobile devices for business one way or another – make it on your terms. Think Strategically:  Build a realistic assessment of the ultimate scale of your mobile business plan and its impact on your infrastructure. Think beyond email. Explore all of the mobile opportunities that can be introduced and understand the risks and threats that need to be mitigated. As you plan, take a cross-functional approach to securing sensitive data no matter where it might end up. Manage Efficiently: Mobile devices are legitimate endpoints that require the same attention given to traditional PCs. Many of the processes, policies, education and technologies that are leveraged for desktops and laptops are also applicable to mobile platforms. So the management of mobile devices should be integrated into the overall IT management framework and administered in the same way – ideally using compatible solutions and unified policies. This creates operational efficiencies and lowers the total cost of ownership. Enforce Appropriately: As more employees connect their personal devices to the corporate network, organizations need to modify their acceptable usage policies to accommodate both corporate-owned and personally-owned devices.  Management and security levers will need to differ based on ownership of the device and the associated controls that the organization requires. Employees will continue to add devices to the corporate network to make their jobs more efficient and enjoyable so organizations must plan for this legally, operationally and culturally. Secure Comprehensively: Look beyond basic password, wipe and application blocking policies. Focus on the information and where it is viewed, transmitted and stored. Integrating with existing data loss prevention, encryption and authentication policies will ensure consistent corporate and regulatory compliance. (The author is VP and MD, India Product Operations, Symantec)