Tif: Boundaries are blurring

The idea that a boundary exists between "locked down" IT systems inside the corporate network and everything else operating outside it does not make as much sense as it once did...

The idea that a boundary exists between "locked down" IT systems inside the corporate network and everything else operating outside it does not make as much sense as it once did, writes Ollie Ross, head of research for The Corporate IT Forum.

For the large companies that belong to The Corporate IT Forum and take part in our specialist security service, the boundary is becoming virtual and blurred. The last few years have seen corporates opening up and de-perimeterising their networks. Why? Because the business demands it and the way people work and access information is radically changing.

People now access networks, systems and information in entirely different ways through multiple mediums, often depending on how they work, where they work and when they work.

Companies are adopting collaborative working strategies that aim to facilitate internal/external information sharing through multiple channels and across team, unit and geographical boundaries. Such new ways of working lead to the blurring of work life and personal life boundaries and fuel the drive towards unified communications networks.

The right mix

With the right mix of technology, process, business buy-in, awareness-raising and education, road warriors - and indeed customers and customer data - can be protected. It is a highly complex feat, but devices supplied to those working largely outside the corporate environment can be actively maintained and highly managed.

Strict security policies also dictate how sensitive customer data is stored, accessed and used. Large companies have invested heavily in authorisation and authentication technologies, and have made a top priority of educating customers as to what electronic communications they should and should not expect to receive.

Sometimes mobile

The real challenge is to be able to protect the sometimes-mobile users: those who use the same portable devices to work inside and outside the office. These people commonly work on a highly flexible basis, take advantage of hotspots or wireless access zones and carry around with them multiple devices, often enhanced with exceptional applications and high levels of functionality.

These users are the hardest to protect because they are difficult to define and identify, but they are also the fastest-growing type of worker. Very often, they are the most senior people within an organisation and the ones who are most likely to access and input the most sensitive company data and information.

While there are no easy answers, Tif members believe that having the right usage policies and guidelines in place is crucial. That doesn't mean a list of don'ts, because by default anything that isn't a don't is a do, but guidance on behaviour and responsibility. No chief security officer can guard against family members using the same PC as a company worker, but they can educate and make staff more security-conscious - whether they are working on wireless-enabled home PCs, company laptops or PDAs on the move.

Ollie Ross is head of research for The Corporate IT Forum

Read more expert advice from the Computer Weekly Security Think Tank >>

Read more on IT risk management