3 Tips for Implementing Business IT Security Flexibility - iCorps
3/5/15 11:28 AM Chris Stephenson
Flexible IT Security (FITS)
For decades we have witnessed rapid and unrelenting technological change and innovation in our lives. How quickly we have moved from: mainframes in the 1970’s; to PCs and LANs in the 1980’s; to the Internet, Web and Email in the 1990’s; to search, social, and mobile in the 2000’s; to cloud, wearable tech and big data in our present decade. That’s the kind of head-spinning change that can make the Google Glasses fly right off your head!
But when we step back and a take a big picture view, we can begin to see broader business trends that are slowly taking hold. One of the most noteworthy trends recently is something we are calling Flexible IT Security (FITS).
Traditionally, there has been a thick concrete wall separating corporate and personal technology. Strong IT department rules have governed the kind of computers and devices allowed onto corporate networks, as well as the methods of access. These policies were easier to enforce before the explosive growth of smart phones and tablets, and the increasing prevalence of broadband and Wi-Fi. These days, the ubiquity of technology in every aspect of our lives has begun to blur the lines between business and our personal lives, and created an “always-on, always-connected” culture.
Information technology has gone mainstream. Grandpa is on Facebook posting poorly lit pictures of his pasta fazool and clicking the Like button every 12 seconds; Middle schoolers are live-Tweeting their bus-riding exploits, and [I’m not making this up] 38% of two-year-olds are using mobile devices, according to Common Sense Media. Based on this seismic shift, businesses are finding it helpful, and in many cases necessary, to evolve and establish more flexibility in their IT services, practices and procedures. In fact, two thirds of enterprises report allowing their employees to bring their own devices (known as BYOD) into the enterprise, according to Infonetics. This is both good and bad.
Good: After decades of notoriously rigid inflexibility, corporate IT teams are adapting to the rapidly changing needs of their customers and employees by adding flexibility to their technology architectures and policies. Some companies are even offering their employees the option to choose either BYOD or company-supplied technology. Managed properly, this enhanced flexibility can lead to higher productivity, friction-free communication, and more efficient business flow.
Bad: 60% of businesses don’t have documented BYOD and WiFi policies in place, despite the fact that a WiFi attack on an open network can take less than 2 seconds, according to Extreme Networks. This lack of governance and protection leaves networks unprotected and vulnerable to attack, resulting in billions of dollars in damages and recovery efforts.
The Solution: “Flexible IT Security (FITS)”
Thankfully, although there is no one-size fits all approach to handling the unique needs of each business, there are practical, cost-effective methods to adding FITS to most any organization. These include:
1. POLICIES: Establish and document technology policies to lay out the ground rules and set clear expectations for everyone. These policies don’t need to be lengthy or complex. In fact, one of the keys to establishing long lasting, effective and enforceable policies is KISS (Keep It Simple Stupid!). Also, to avoid becoming overwhelmed, start by creating targeted policies to address specific areas to get the ball rolling. A great way to begin is to create a BYOD policy and a WiFi policy. These alone will go a long way toward reducing risk and bringing pragmatic protections to your business.
2. TRAINING: Creating awareness and education are both critical to the success and effectiveness of any policy. When it comes to flexible IT Security, there is an implied give –and-take where the end-users’ participation and cooperation is paramount to making this all work smoothly. Here again, simple is better. Keep training short, sweet and to the point. However, more importantly, the key for success is to embrace training as an ongoing dialogue rather than a one-and-done exercise. Tech security is constantly evolving, which requires clear and open communication with scheduled updates and refreshers. Whether you be handled by experience IT staff or your outsourced provider, it is often a good idea to discuss your needs with your technology
3. DON’T REINVENT THE WHEEL: There are many resources available online to help with IT governance, documentation, policies and training. Some of this information is low-cost or even free. Of course, depending upon the unique nature and needs of your business and your regulatory requirements, it is often advisable to seek assistance from technology professionals who handle these kinds of services. Most reputable, full-service IT consultancies should be able to offer guidance and assistance on all of this.
Be flexibly secure and securely flexible.
More trends to follow. Stay tuned!