By: Rob Bamforth, Principal Analyst, Quocirca
Published: 26th March 2013
Copyright Quocirca © 2013
Recent advances in technology, coupled with social changes, are altering the work/life balance, and not in the way that was once expected. Shorter days and more leisure time were a twentieth-century dream for the twenty-first-century world of work, but the reality is somewhat different.
At one time, information and communications technology (ICT) for the working environment was made accessible only to a select few, controlled by central diktat and superior to anything you were likely to see at home. Now the complete opposite is true: consumerised IT not only extends the working day into individuals’ personal lives, but also gives them choices and lets them bring their personal devices (BYOD) and activities, especially social communications, into the main hours of the working day.
While this blurring may not be an issue, provided employees do not let personal activity grow to the point where it is a detriment to their work, it does create other challenges.
One in particular is related to another change, but this time instigated by the organisation. There is an increasing need to open up business applications to communicate and share information with users outside of the organisation. This includes sharing beyond the physical boundaries, with employees on the move or working from home, and beyond the corporate boundaries, with contractors, third-party suppliers, business customers and even consumers. The reasons for this are to improve relationships with customers, transact directly with them and to more tightly integrate the supply chain.
Organisations are themselves also increasingly using social media to do this as they feel that it will make it easier to identify, communicate with and retain customers.
The problem then is how and what to share, and will it be safe?
Up until recently the main method of sharing information remotely with anyone external would either be physical media—CD, memory stick, etc.—especially for large volumes of data; or, more often for smaller volumes, email. Most organisations are relatively confident they can secure email sharing, and there are certainly many tools to support this and minimise data leakage.
Physical media is trickier and, as mobile devices have become increasingly prevalent, the physical device risk increases further. Data might leave by direct connection through USB, as with memory sticks (although 'podslurping' was a term coined for downloading gigabytes to a connected iPod), or over the air through a cellular or Wi-Fi connection.
The risks this brings through the potential loss or theft of a device are well known and understood, with mobile device management (MDM) protections often put in place to lock or wipe devices and, sometimes though not frequently enough, on-device encryption. There are also those who avoid data residing on the device at all through virtual connections that leave no permanent data footprints.
However, a greater risk comes from user behaviours related to the increasing use of social media: posting or sharing something 'out there' on the internet. This might be as an update to 'friends' via a social media site, or via a dedicated cloud storage provider.
Either way it is potentially out of sight from an enterprise perspective, as employees will be using their own preferred tools to create a Bring Your Own Cloud or Collaboration (BYOC) experience. If this casual and informal usage translates into how official or formal information is shared with third-party businesses and consumers, the organisation is not in control, making the demonstration of compliance virtually impossible and increasing security risks.
It might be that enterprise IT has its own set of endorsed tools for information sharing via cloud-based services, but the blurring of boundaries in employee behaviour may make the use of these difficult to enforce, especially if employees have been allowed or even encouraged to BYOD in an uncontrolled manner. One way or another, lax behaviour may need to be reined in, monitored or checked.
Published by: electronicdawn Ltd.