Secure business transformation

Davey Winder investigates how to best protect enterprise networks and data while embracing BYOD, cloud and virtualisation.

"This can be simpler than it sounds. However, it should be addressed sooner rather than later or you'll be trying to undo years of poor practice," Laing advices. Here are his five steps for IT Pro readers wanting to implement a mobile data security policy:

1. Select a platform

The first place to start is deciding which platform and devices you wish to support. Most corporations pick Android and iOS. Then you start to build your strategy based around that. Remember, the platform you choose will influence the devices you allow and want to support.

2. Select a device

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

You need to know what you want people to be able to do with their device inside the corporate network. Windows 8-based devices, for example, have a huge advantage because they can facilitate integration into the corporate network and ensure that all staff have a standard way to access it. However, Apple seems to be winning the hearts and minds of the average office worker currently.

3. Select participants

The next step is to think about who you want to apply the Mobile Data Security strategy to. Are you going to apply it to all staff? Will you have the same restrictions that apply to corporate devices?

4. Select what you want to share

It then needs to be decided what corporate data should be shared. MDM/MFM solutions allow users to access files securely remotely. This enables real time syncing with the corporate network whilst on the go.

5. Set a budget

Advertisement - Article continues below

The total cost involved in implementing a mobility policy quickly adds up. There is the initial cost of purchasing the mobile devices, file management and security software and then IT labour costs. In order to remain budget savvy, businesses need to work closely with value added resellers to help implement an ecosystem that covers both the MDM and MFM challenges, at the best price.

Cloud

The majority (88 per cent) of business leaders in the UK believe that they relinquish responsibility for data security when it is stored in the cloud, according research by Iron Mountain. This means cloud is a transformational technology that can leave the enterprise at risk if not dealt with properly during implementation. Christian Toon, head of information risk at Iron Mountain, provided the following seven-point plan for IT Pro readers to help reduce risk when information is moved to the cloud:

1. Find out exactly where your data will be stored, who has access to it and whether it will or could be moved. This is vital for ensuring data security and integrity. Some data, for example HR records, cannot legally be moved across international boundaries.

Advertisement
Advertisement - Article continues below

2. Consider the physical and IT infrastructure of your provider's data centre. How secure is the building? Where does the provider source IT equipment such as servers and cables?

3. Don't forget the people. You need to trust the people who handle your information. Does your cloud provider have a rigorous vetting processes and security training in place for all employees?

Advertisement - Article continues below

4. Look for evidence of business continuity planning. Will your data be safe if something goes wrong? Does the provider have service recovery measures in place such as failover and redundancy, or back-up generators to minimise the impact of power failure?

5. Size matters. How much data are you trying to store? Attempting large-scale restoration from the cloud can be problematic. Moving information to and from the cloud requires large bandwidth. You're better off restoring from tape if you are working with volumes in excess of 20GB.

6. Don't put all your eggs in one basket. Depending on a single solution may mean that your back-up fails when you need it most. Build a tiered-approach so that you are prepared for any eventuality.

7. Safeguard sensitive information. The cloud may not be the best option for storing highly sensitive, unique or legally restricted data such as intellectual property, HR records or financial plans.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020