Secure business transformation

"This can be simpler than it sounds. However, it should be addressed sooner rather than later or you'll be trying to undo years of poor practice," Laing advises. Here are his five steps for IT Pro readers wanting to implement a mobile data security policy:

1. Select a platform

The first place to start is deciding which platform and devices you wish to support. Most corporations pick Android and iOS. Then you start to build your strategy based around that. Remember, the platform you choose will influence the devices you allow and want to support.

2. Select a device

You need to know what you want people to be able to do with their device inside the corporate network. Windows 8-based devices, for example, have a huge advantage because they can facilitate integration into the corporate network and ensure that all staff have a standard way to access it. However, Apple seems to be winning the hearts and minds of the average office worker currently.

3. Select participants

The next step is to think about who you want to apply the Mobile Data Security strategy to. Are you going to apply it to all staff? Will you have the same restrictions that apply to corporate devices?

4. Select what you want to share

It then needs to be decided what corporate data should be shared. MDM/MFM solutions allow users to access files securely remotely. This enables real-time syncing with the corporate network whilst on the go.

5. Set a budget

The total cost involved in implementing a mobility policy quickly adds up. There is the initial cost of purchasing the mobile devices, file management and security software and then IT labour costs. In order to remain budget savvy, businesses need to work closely with value added resellers to help implement an ecosystem that covers both the MDM and MFM challenges, at the best price.

Cloud

The majority (88 per cent) of business leaders in the UK believe that they relinquish responsibility for data security when it is stored in the cloud, according to research by Iron Mountain. This means cloud is a transformational technology that can leave the enterprise at risk if not dealt with properly during implementation. Christian Toon, head of information risk at Iron Mountain, provided the following seven-point plan for IT Pro readers to help reduce risk when information is moved to the cloud:

1. Find out exactly where your data will be stored, who has access to it and whether it will or could be moved. This is vital for ensuring data security and integrity. Some data, for example HR records, cannot legally be moved across international boundaries.

2. Consider the physical and IT infrastructure of your provider's data centre. How secure is the building? Where does the provider source IT equipment such as servers and cables?

3. Don't forget the people. You need to trust the people who handle your information. Does your cloud provider have rigorous vetting processes and security training in place for all employees?

4. Look for evidence of business continuity planning. Will your data be safe if something goes wrong? Does the provider have service recovery measures in place such as failover and redundancy, or back-up generators to minimise the impact of power failure?

5. Size matters. How much data are you trying to store? Attempting large-scale restoration from the cloud can be problematic. Moving information to and from the cloud requires large bandwidth. You're better off restoring from tape if you are working with volumes in excess of 20GB.

6. Don't put all your eggs in one basket. Depending on a single solution may mean that your back-up fails when you need it most. Build a tiered approach so that you are prepared for any eventuality.

7. Safeguard sensitive information. The cloud may not be the best option for storing highly sensitive, unique or legally restricted data such as intellectual property, HR records or financial plans.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
