In the past, IT organisations were primarily responsible for a company's data security. It was a model driven from the bottom up - they were the ones who worried about devices, users, accounts and passwords. If a system got hacked and data was stolen, IT took care of it and only very rarely did this get escalated to the business.
The IT security-centric culture is changing. These days, the key drivers for an organisation's security are determined at the board and executive level. Today's security landscape demands governance, risk management and compliance (GRC). These demands are compounded by the need to prove GRC and provide for litigation readiness.
Many of the progressive organisations are addressing legalities right now and it's a hot topic. Even if they haven't had specific litigation events, they're engaging in what's called litigation readiness and providing systems to support that. So, if an organisation receives a lawsuit - over a privacy claim, a sexual harassment case, or a contract dispute - they can pull together all the information that exists throughout the company to support that claim.
Demanding mobility
Data distribution becomes a concern when we think about the changing culture in many organisations. People increasingly expect to be able to use mobile devices like smart phones or the BlackBerry, and if the company won't give it to them, they buy these convenience devices anyway.
The risks are obvious: all of the user's e-mail and associated documents are on a mobile device that could be easily stolen, leaving open access to items that fraudsters would have had to infiltrate a company to get a few years ago.
Let's be clear: users are not doing this because they're malicious - they're doing it because they crave the additional functionality, or they need to be connected at all times in this highly competitive world. They save their data to an SD card, a USB stick or a mobile device. They don't do it, saying: "I am going to take this information and put it at risk and put it in an unsecured location." They do it because they genuinely believe they're trying to get something done and help the organisation.
Addressing security
In the past, the tendency with security has been to lock it down and that's a big problem because 100% secure is 100% unusable.
Nick Keene is southern Africa country manager for Citrix Systems.
That's where we're running into a culture clash. In the past, the tendency with security has been to lock it down and that's a big problem because 100% secure is 100% unusable. The end-user just sees security as something that slows them down and gets in their way. Organisations have to be able to find a way to provide security for these types of situations but make it a benefit to the user. Security must be addressed across the application delivery infrastructure.
Instead of telling users that they can't use a mobile device any more, or can't connect to corporate resources, what if there was a way that the organisation can manage that data regardless of whether the device was purchased by the company or purchased by the end-user?
As an extra benefit, wouldn't it be great if the end-user could go out and buy any type of device and always have the same applications and same data? There would be no need to reinstall and translate and everything else. What if there was a corporate-ready view on this phone?
Virtualisation
That technology is available today. Organisations can give end-users the applications they need on any type of device regardless of where they are. Virtualisation solves the expensive problem of gathering data that was outlined earlier, because the information stays in the data centre.
From a security perspective, by having a specific isolated environment to run applications, if a company had a crash or an issue with one of those environments, it is not impacting anything else. It can have different configurations that the IT department defines, and it allocates resources according to a category of users, whether they're accessing HR applications or they're high-end developers.
Virtualisation takes away the need for users to take data home on a laptop or copy it. Regardless of where they are or what type of device they have, they get to the same desktop, applications and data.
The weakest link in the chain is the one that causes all the problems. We can't allow that to happen to IT security at the intervals seen in the past, because the penalties are extremely severe. That's why enabling the application delivery infrastructure for security is so crucial, and yields so many benefits to the organisation.
* Nick Keene is southern Africa country manager for Citrix Systems.
Share