Love it or hate it, but you can’t ignore it. Be it social media, cloud or BYOD, it is here with us, and here to stay. There is at least a perceived security risk in each of these. But how real is it? It is perhaps not fair to bracket them together, as they all require different treatment from a security perspective. But one thing is common to them all – you need to adopt them in your policy and processes, and not try to work around them. Also, they are trends that your stakeholders will increasingly use, and that will hence impact the security culture in your enterprise.
Personally, I am a strong proponent of all three. But I would still say it is important to tread with caution and make sure that the risks and reservations are fully understood and proper planning precedes the adoption.
Tackling Security On The Cloud
The first thought that comes to the minds of at least us IT folks at the mention of cloud is typically the security risks associated with it. To my mind, it’s the same dilemma as deciding whether to put your diamond wedding ring in your own closet at home, or at the locker you hired in the bank. The risks are not higher or lower, just different.
CIOs should keep in mind that moving an information warehouse to the cloud has to be a well-planned activity, and that it provides an excellent opportunity to re-architect and re-orchestrate your security systems to meet or exceed modern security requirements. You don’t just ‘move’ to a cloud – you graduate to it and in the process upgrade your business processes and systems. It’s the greatest opportunity to achieve that transformation you were planning for years. On the other hand, moving tonnes of data to an emerging infrastructure may well exceed your organisation’s tolerance levels, and calls for special measures to achieve secure migration.
A cloud is typically on a third party’s platform, entailing legal precedence for agreement breaches, disclosure laws, regulatory requirements, privacy concerns, etc. It could be in another country and carries the risk of inadvertent breach of international law. Maintaining and proving compliance with respect to regulatory and legislative requirements may pose bigger challenges in a cloud setting. Finally, there may be portability and interoperability concerns regarding cloud vs. in-house data and applications, particularly during new product introduction. However, having said this, these risks can be mitigated through planning, education and proper oversight. In my view, while one should be aware of the risks, they should not be a show-stopper.
Avoiding Social Media Pitfalls
Coming to social media, there are obvious risks like exposure to malware and clickable options that could potentially pose serious security risks, including lethal virus attacks on the enterprise. Then there are risks of employees and other stakeholders inadvertently leaking out their own or others’ ideas, or other sensitive information, through blogs. A comprehensive social media policy clubbed with an internet usage policy, and supported by monitoring processes and tools, can help to a great extent in avoiding the pitfalls of social media.
BYOD: With Power Comes Responsibility
With respect to BYOD, it’s again an emerging trend favored by most employees, be it their personal laptops, iPads or smartphones. BYOD is a great medium to make an employee feel ‘at home’ and serves as a strong bridge between his social and professional lives. It is, however, a major challenge from a network management perspective when it comes to enterprise adaptation. How do you port an array of enterprise applications on an ever-expanding plethora of platforms? How do you manage the additional burden on your helpdesk with employees calling in with queries on configuring and using a whole new multitude of devices? Then there are concerns on core security aspects like identity management, data privacy, etc., which have to be reconfigured and reengineered on a host of unknown devices.
But, coming as a respite for CIOs, there are comprehensive security solutions from independent equipment vendors that offer the best of BYOD with little or no compromise on network management and security. I believe that the market for such solutions is vast and growing, as BYOD will become increasingly prolific in the times ahead.