Most Americans will recognize the term ‘melting pot’ as referring to the multi-ethnic nature of society in the United States. Now, however, some IT security professionals are beginning to use it in an entirely new context, referring to the current threat environment as a ‘complex melting pot’ largely comprised of ‘security challenges surrounding the secure transfer of sensitive data via email’. This new threat environment is a result of several converging trends, including small suppliers of email services to SMBs, the increasing use of email services based in the cloud, and the BYOD movement.
Companies both large and small are steadily gaining ground in their understanding of the need to manage their BYOD policies carefully. IBM, for example, released revised policies to its workers just this past May. Among the IT security provisions included were a rule prohibiting IBM workers from using a cloud computing service from another company for some functions. This will prevent workers from relying on Dropbox, for example, to store files containing sensitive data. The guidelines also recommended encryption, going so far as to rule out the transmission of any sensitive data unless it has been property encrypted. The popular personalized web assistant known as Siri, a voice activated function on some iPhones, was also prohibited because of concerns that use of the program could result in sensitive information being transmitted to Apple, the makers of Siri and the iPhone.
In speaking of the new guidelines, Jeanette Horan, who serves as the chief information officer at IBM, referenced a "tremendous lack of awareness as to what constitutes a risk." In this respect, employees at a small or medium-sized business are largely similar to those who work for an enormous concern such as IBM. One of the great challenges of IT security in general concerns ways to help employees become participants in the process instead of obstructions and roadblocks.
For many small companies, the best answer to this challenge lies in the promise of a new approach to IT security known as managed security. In a managed security environment, remote monitoring and assistance combine to automate tasks as much as possible, removing them from the domain of the ordinary rank and file worker. Instead of simply directing workers to avoid Dropbox, for example, a managed security approach can make it impractical or even impossible for them to reach the service. This can be a better solution than relying on non-technical workers to understand and appreciate the technical necessity for a particular problem.
Managed Security Related Posts: