Companies are losing their grip on their data. The reason why boils down to them applying 20th century mindsets and methodologies in 21st century mobile world.
“The old ways of managing and protecting information just don’t cut it anymore and that’s why companies are losing their grip on their data. With the mass proliferation of mobile devices, an increasingly-growing mobile workforce and remote users, data is no longer where it used to be.
“It’s time to face some cold hard truths; your data has left the building, you are not in control of it anymore (your users are), your data is everywhere your employees go, and if you’re still using 20th century security methods, your data is at risk,” says Richard Broeke from specialist IT security company, Securicom.
He says that what was considered enough to secure networks and data just a few years ago is nowhere near adequate today. Times have changed dramatically. Not too long ago, companies had their data where it was easy to control it.
Employees sat at their workstations and went about their business. When they left the office at the end of the day, data stayed where it was – on a desktop equipped with adequate security within a contained and secured environment.
Today, it’s an entirely different story. Mobile devices in particular present an array of new threats for business, which to a large extent are ignored.
“Some of the operating systems on today’s smart mobile devices are flawed by design. When employees use their own devices for work, they make for a perfect gateway or point of attack on company networks.
“Add to this the possibility, that with the capacity of these devices, an employee could copy the entire CRM or financial database and walk out of the door without anyone knowing, and you begin to understand the risk that the unsanctioned use of mobile devices poses to businesses. And, mobile risks cannot be treated with the same methodologies and strategies used to address traditional IT security threats,” he says.
Broeke says anyone who wonders what the big deal is about having data essentially roaming freely in and out of company buildings and networks needs to ask a few questions:
* Is your company at risk of non-compliance with legislation by not securing company information?;
* Could you face litigation if confidential information were to be exposed to unauthorised people?;
* Could you afford the costs of containing the leak and legal expenses?;
* Do you have important business information or trade secrets that you want to protect from outsiders?;
* Do you want your customers’ information shared with a competitor?;
* Do you want your financial information exposed?;
* Do you want to protect your business, your employees and your customers against fraud?; and
* What impact would it have on your business if your business critical systems failed?
Certainly, various pieces of legislation place considerably onerous responsibilities on companies to take the necessary measures to protect the information they collect, process and store.
With the Protection of Personal Information (PPI) bill, which is currently being drafted for instance, company directors could be held personally liable in the face of not taking appropriate steps to safeguard their business critical and confidential information, with court, big fines and prison sentences among the possibilities for them.
But, it’s not only about avoiding litigation or even fraud. Companies need to have control over their data and do what they can to protect it because it is their intellectual property – the lifeblood of their business.
“To protect data wherever it is or goes, companies need a holistic approach, with layers of security solutions to protect data in the most outlying places and on the diversity of mobiles devices upon which it is found, right to the core, being the network. 20th century methods can’t do this.
“A holistic, end-to-end solution would include Web security to inspect and filter inbound and outbound Web traffic combat browser-based threats such as bots, phishing, and other malicious active content; robust firewall; e-mail security; data loss prevention technologies; encryption for data in transit; endpoint security, and a mobile device management solution to secure and manage portable devices,” he concludes.