The internet has changed the way we all work. Many employees can now access core business applications from anywhere - especially at home or on the move. This revolution has also opened these applications to many external users, leading to much reduced inter-company interaction times and more efficient business processes. The UK government's Digital Britain strategy will extend the network further, requiring businesses to take positive action to protect their resources:
- Management, culture and inclusion Improved communications allow people to be dispersed, but does not make management processes easier and can lead to the culture of an organisation/business becoming too individualistic and less supportive, with some people feeling isolated, especially when things go wrong. Quocirca recommends that organisations take a management lead to communicate more frequently and more closely with remote workers, use technology that allows the widest possible involvement in different working practices/business processes, so that employees' presence is felt and noticed in the workplace, even while they are working remotely.
- Partner collaboration and relationships By all means allow partners to access your business' IT systems, but keep that access segregated, controlled and under a watchful eye. Use separated access where possible, e.g. secured guest access for Wi-Fi, but then extend ‘extranet' like services through suitably tight authorisation and secured communication links.
- Threat awareness Controlling a connection with a firewall is no longer adequate; the perimeter is no longer impermeable and dispersed employees use many network services, each with threats and vulnerabilities. While large enterprises understand this, they often only have strong protection at central connection points, overlooking other weak areas at the edge of their network or beyond. Small and medium sized businesses are unlikely to be fully aware of the range of security challenges, or have sufficient technical knowledge to deal with them.
- On grid versus off grid While public networks can provide some protection and segregation, there are commercial challenges from coverage to cost reduction that may involve third parties other than a primary carrier in the delivery of connectivity services which are often not visible to the end customer. Each additional relationship introduces more risk, and the potential for things to go wrong. Rather than relying on protection solely from the network, in particular where numerous end points are involved, businesses should apply their own protection to information in transit. This should be in place even over trusted providers, especially as network relationships can be extended to partners, who may in turn use different or unknown carriers.
- Consumer backdoors Employees will often take a consumer approach to the use of technology products that are not available in the workplace, and these can bring increased business risks if used without adequate protection. Denying employees their choice of devices is increasingly difficult, so they should be accommodated - but with controls. Familiarity with technology may lead to contempt or complacency, and so the protection put in place should be kept simple, straightforward and as a default, achieve the minimum security level mandated by the business.
Organisations must remain in control of their distributed digital destiny and extend their networks where they need to in a managed and secure fashion to ensure that the business, the work of its employees and its digital assets are fully protected.
To download this paper you must be logged in.