Secure business transformation

The majority of business leaders in the UK believe that they relinquish responsibility for data security when it is stored in the cloud.

You'll also need to keep reviewing information security at each and every step of the transformation "to ensure that the information and security triad of Confidentiality, Integrity and Availability (CIA) is maintained," McNeil adds. CIA can be defined as:

  • C: Protecting information from disclosure to unauthorised parties;
  • I: Protecting information from modification by unauthorised users;
  • A: Ensuring the information is available to authorised users.

Getting specifically secure

The generalisations are now out of the way. But what about best practice as it applies to securing the specific business transformational technologies of BYOD, cloud and virtualisation?

BYOD

Once an employee connects their mobile devices to the office Wi-Fi, you are facing a mobile file management situation. Often organisations will take this a step further and allow employees to connect to corporate email. However, by doing this, you become responsible for managing the information and content that enters and leaves your company network from their devices.

"There are problems when people start bringing in different devices with different security levels and features," warns Alan Laing, vice president of Acronis in Europe, the Middle East and Africa (EMEA). "For instance, some older Android devices run operating systems that are not very secure, so you can have people sharing files over the company network and sending emails to themselves. Then the device will get forgotten on the bus ride or on an airplane and you have a serious data breach."

Newer devices like iPhones or iPads do have restrictions that can be applied, such as disallowing the use of Safari or email, or locking the camera. Companies are able to do this if they add a small file to the device. However, the employee has to willingly provide the device for this. "For other devices, companies can provide mobile file management solutions which enable businesses to apply their own rules," Laing adds.

"You have a remote control, which allows you to see who has an iPad or an iPhone or who has six tablets and two smartphones and so on and then you can distribute those rules to those devices."

One of the most basic restrictions an administrator can enforce is on access to the server from an iPhone: you can require a passcode prompt to come up as soon as someone tries to connect a smartphone or tablet. "There are also apps that manage access to corporation information on devices," Laing says.

He continues: "They can be downloaded from Apple's App Store or the Android Market (Google Play) and give employees access to the enterprise network. They start accessing share points and network resources on mobile devices within the restrictions of the application. This means that devices aren't locked, but a company is able to ensure that its employees have something efficient and that is easy to use and gives them quick and easy access. This solution stops staff being able to send themselves emails or add corporate content to Dropbox or Skydrive."

Davey Winder
