Managing Mobile, Cloud and Social Media SecurityBy Bob Violino | Posted 2013-04-04 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
These popular technologies create unique security threats, which, if not addressed, can lead to serious problems for all types and sizes of organizations.
By Bob Violino
Organizations are dealing with three IT megatrends that show no signs of slowing: the move to cloud computing, rapid growth of mobile devices and applications in the workplace, and the emergence of social media in the corporate environment.
Each of these areas offers huge opportunities for benefits, including enhanced collaboration, increased productivity, more efficient operations and improved customer services. And each creates unique security threats, which, if not addressed, can lead to serious problems for organizations.
With mobile technology, the dual nature of the devices—which are used for both personal and professional purposes—"suggests that organizations are more limited on what they can deploy on the device and what they can demand the user do or not do," says Ariel Silverstone, a security consultant and former security executive.
Among the security challenges of the cloud—especially externally hosted cloud services—are that organizations lose the ability to physically possess information, and have much more limited capability to perform legally and contractually required audits, Silverstone says.
Social media presents a different challenge: What employees say, where and to whom can become an issue when it comes to security and privacy.
"I find that addressing these issues requires working with your employees, as opposed to [trying to] force them," Silverstone says. "Develop a social policy that encourages employees to participate in a conversation, while gently reminding them of confidentiality [concerns]."
A growing number of organizations that are leveraging cloud, mobility and social media are creating strategies to address security in these emerging areas.
Addressing Security in All Areas
Walz Group, a communications and compliance services company in Temecula, Calif., is grappling with all three IT trends. Employees use smartphones—mainly Android and Apple devices. With the cloud, the firm is using software-as-a-service (SaaS) offerings such as SalesForce.com's CRM software. In addition, for more than four years, it has operated its production applications and business services on a private cloud, using infrastructure-as-a-service (IaaS) offerings based on NetApp and Cisco Systems platforms.
Walz is also using social media for business, with a large percentage of its employees having accounts on Facebook, Twitter and LinkedIn. They also are using other online communications and collaboration resources, such as Skype.
The company is taking steps to address security in all of these areas.
"Smartphones can collect, monitor, store and distribute data very effectively, since most devices are now equipped with cameras, storage, Internet connectivity, application marketplaces" and other functions, says Bart Falzarano, chief information security officer. "The security challenges that exist with these devices [involve] maintaining the appropriate safeguards and controls" so that data privacy, company intellectual property and client data are protected at all times, and in accordance with data security standards and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).
Walz has taken a number of steps to ensure better security, including disabling USB ports on systems containing sensitive data; training employees about secure use of devices; and placing restrictions on where, when and how the devices can be used. In addition, the company has established centralized controls for remote data wiping, and has its wireless carrier perform scans and assessments as part of its security offering.