The idea that a boundary exists between "locked down" IT
systems inside the corporate network and everything else operating
outside it does not make as much sense as it once did, writes
Ollie Ross, head of research forThe Corporate IT
Forum.
For the large companies that belong to The Corporate IT Forum
and take part in our specialist security service, the boundary is
becoming virtual and blurred. The last few years have seen
corporates opening up and
de-perimeterising their networks. Why? Because the business
demands it and the way people work and access information is
radically changing.
People now access networks, systems and information in entirely
different ways through multiple mediums, often depending on how
they work, where they work and when they work.
Companies are adopting
collaborative working strategies that aim to facilitate
internal/external information sharing through multiple channels and
across team, unit and geographical boundaries. Such new ways of
working lead to the blurring of work life and personal life
boundaries and fuel the drive towards unified communications
networks.
The right mix
With the right mix of technology, process, business buy-in,
awareness-raising and education, road warriors - and indeed
customers and customer data - can be protected. It is a highly
complex feat, but devices supplied to those working largely outside
the corporate environment can be actively maintained and highly
managed.
Strict security policies also dictate how sensitive customer
data is stored, accessed and used. Large companies have invested
heavily in
authorisation and authentication technologies, and have made a
top priority of educating customers as to what electronic
communications they should and should not expect to receive.
Sometimes mobile
The real challenge is to be able to protect the sometimes-mobile
users: those who use the same portable devices to work inside and
outside the office. These people commonly work on a highly flexible
basis, take advantage of hotspots or wireless access zones and
carry around with them multiple devices, often enhanced with
exceptional applications and high levels of functionality.
These users are the hardest to protect because they are
difficult to define and identify, but they are also the
fastest-growing type of worker. Very often, they are the most
senior people within an organisation and the ones who are most
likely to access and input the most sensitive company data and
information.
While there are no easy answers, Tif members believe that having
the right usage policies and guidelines in place is crucial. That
doesn't mean a list of don'ts, because by default anything that
isn't a don't is a do, but guidance on behaviour and
responsibility. No chief security officer can guard against family
members using the same PC as a company worker, but they can
educate and make staff more security-conscious - whether they
are working on wireless-enabled home PCs, company laptops or PDAs
on the move.
Ollie Ross is head of research forThe Corporate IT
Forum
Read more expert advice from the Computer Weekly Security Think
Tank >>