Secure business transformation

Davey Winder investigates how to best protect enterprise networks and data while embracing BYOD, cloud and virtualisation.

The majority of business leaders in the UK believe that they relinquish responsibility for data security when it is stored in the cloud.

You'll also need to keep reviewing information security at each and every step of the transformation "to ensure that the information and security triad of Confidentiality, Integrity and Availability (CIA) is maintained," McNeil adds. CIA can be defined as:

  • C: Protecting information from disclosure to unauthorised parties;
  • I: Protecting information from modification by unauthorised users;
  • A: Ensuring the information is available to authorised users.

Getting specifically secure

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The generalisations are now out of the way. But what about best practice as it applies to securing the specific business transformational technologies of BYOD, cloud and virtualisation?

BYOD

Once an employee connects their mobile devices to the office Wi-Fi, you are facing a mobile file management situation. Often organisations will take this a step further and allow them to connect to the corporate email. However, by doing this, you then become responsible for the management of the information and content that enters and leaves your company network from their device.

"There are problems when people start bringing in different devices with different security levels and features," warns Alan Laing, vice president of Acronis in Europe, the Middle East and Africa (EMEA). "For instance, some older Android devices run operating systems that are not very secure, so you can have people sharing files over the company network and sending emails to themselves. Then the device will get forgotten on the bus ride or on an airplane and you have a serious data breach."

Newer devices like iPhones or iPads do have restrictions that can be applied, such as not allowing the use of Safari, email or locking the camera. Companies are able to do this if they add a small file to the device. However, the employee has to willingly provide the device for this. "For other devices, companies can provide mobile file management solutions which enable businesses to apply their own rules," Laing adds.

"You have a remote control, which allows you to see who has an iPad or an iPhone or who has six tablets and two smartphones and so on and then you can distribute those rules to those devices."

Advertisement - Article continues below

 One of the most basic restrictions an administrator can enforce is access to the server on an iPhone. You can enforce a pass code to come up as soon as someone tries to connect a smartphone or tablet. "There are also apps that manage access to corporation information on devices," Laing says.

He continues: "They can be downloaded from Apple's App Store or the Android Market (Google Play) and give employees access to the enterprise network. They start accessing share points and network resources on mobile devices within the restrictions of the application. This means that devices aren't locked, but a company is able to ensure that its employees have something efficient and that is easy to use and gives them quick and easy access. This solution stops staff being able to send themselves emails or add corporate content to Dropbox or Skydrive."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020