Open Framework, Information Management Strategy & Collaborative Governance | Data & Social Methodology - MIKE2.0 Methodology

Posts Tagged ‘security’

by: RickDelgado
17  Aug  2015

Differences between Large and Small Companies Using BYOD

Regardless of company size, Bring-Your-Own-Device (BYOD) has become quite popular. According to Gartner, half of employers surveyed say they’re going to require workers to supply their own devices at work by 2017. Spiceworks did a similar study, finding about 61% of small to medium sized businesses were using a BYOD policy for employee devices. Businesses of all sizes are taking BYOD seriously, but are there differences in how large and small companies handle their policies?

 Gaining experience is important in learning how to implement and manage a mobile device policy. Small companies are increasingly supporting smartphones and tablets. Companies with fewer than 20 employees are leading – Spiceworks says 69% in a survey are supportive. By comparison, 16% of employers with more than 250 employees were as enthusiastic.

 According to this study, small companies appear to be more flexible in adopting BYOD. There are certain aspects, however, where they may lag behind their larger counterparts. Here are some examples.

 Mobile Device Management

 Larger corporations often have more resources available to implement Mobile Device Management (MDM) systems. For example, Spiceworks said 56% of respondents were not planning to use MDM mainly because the company does not see a big enough threat. Lost or stolen devices, or misuse by employees, are seen as substantial risks. On the other hand, 17% of the responding small businesses were engaging in active management and just 20% said they would within six months.

 The perks of MDM include barriers against data theft, intrusion, and unauthorized use and access. It also helps prevent malware infections.

 Larger businesses seem to be more understanding of the need for a proactive MDM system. They tend to possess more knowledge of the technology and the risks and face fewer budgetary hurdles. By comparison, many small companies lack knowledge, funds, and insight into the risks of connecting mobile devices to their network. Cloud-based MDM solutions are a growing alternative. The same Spiceworks study found 53% of respondents were going with a hosted device management solution.

Security

The risks are clearly great for any sized company. A BYOD policy can boost revenue and risk management into the millions of dollars. Corporations usually have multiple layers of security. For a small business, it doesn’t take much to bring the company down. One single cyber-attack can be so costly the company won’t be able to survive.

 Security, and the training that goes along with it, is costly for a small company. It might not be able to afford any of the tools necessary for adequate protection. Even if a company was going for savings, data breaches will make these seem like pennies. Such events can cause millions of dollars in damages for even the smallest businesses.

Data leakage is another security risk, besides cost. Mobile devices are prone to data theft without a good MDM system. Gartner highlights the fact that mobile devices are designed to support data sharing, but lack file systems for applications. This makes it easier for data to be duplicated and sent to applications in the cloud. It is up to IT to be up on the latest technologies and uses. Obviously, larger companies have the upper hand in this area as they have a better security posture.

 Conclusion

Both large and small companies are using BYOD. The differences lie in the willingness to adopt comprehensive Mobile Device Management systems and security policies. These come with the obvious costs which smaller businesses must wrestle with. It often comes down to comparing the daily policy operating costs with those of the risks. When a breach happens, for example, a small business feels the pain and wishes it had had the right system in place. Cloud MDM systems are becoming more affordable. These are providing smaller entities with the resources of larger organizations. Only time will tell whether small and medium sized businesses will become as accepting of mobile device security and management as larger organizations.

Category: Information Governance

by: Jonathan
26  Mar  2015

5 Challenges facing the Internet of Things

Our constant need to be connected has expanded beyond smartphones and tablets into a wider network of interconnected objects. These objects, often referred to as the Internet of Things (IoT), have the ability to communicate with other devices and are constantly connected to the internet in order to record, store and exchange data.

This idea of an “always on, always connected” device does seem a little big brother-ish, but there are definitely some benefits that come with it. For example, we are already seeing smarter thermostats, like Nest, that allow us to remotely control the temperature of our homes. We also have appliances and cars with internet connectivity, that can learn our behavior, and act on their own to provide us with greater functionality. However, while this is an accelerating trend with already many objects on the market, there are still a number of challenges facing IoT, which will continue to hinder its progress and widespread adoption.

Security

It seems as if every discussion surrounding networks and the internet is always followed by a discussion on security. Given the recent publicity of damaging security breaches at major corporations, it’s hard to turn a blind eye to the dangers of more advanced cyber attacks. There’s no hiding the fact that the introduction of IoT will create a number of additional vulnerabilities that’ll need to be protected. Otherwise, these devices will simply turn into easy access points for cyber criminals. Given that IoT is new technology, there aren’t a lot of security options designed specifically for them. Furthermore, the diversity in device types makes uniform solutions very difficult. Until we see greater security measures and programs designed to handle IoT devices, many will remain hesitant to adopt them for personal and professional use.

Privacy

On the coattails of security comes privacy. One of the bigger debates in this age of data is who actually owns the data being created. Is it the users of these devices, the manufacturers, or those who operate the networks? Right now, there’s no clear answer. Regardless, while we are left arguing who owns what information, these devices are tracking how we use them. Your car knows which route you take to work, and your home knows what temperature you prefer in the mornings. In addition, when you consider that almost everything requires an online profile to operate these days, there can be a tremendous amount of private information available to many different organizations. For all we know, our televisions are watching us as we watch our favorite shows, and sending that information to media companies.

Interoperability

In order to create a pure, interconnected IoT ecosystem, there needs to be a seamless experience between different devices. Currently, we haven’t yet achieved that level of interoperability. The problem is that there are so many different makes and models, it’s incredibly difficult to create an IoT system with horizontal platforms that are communicable, operable, and programmable. Right now, IoT communication is fragmented, and many devices are still not able to ‘talk’ with one another. Manufacturers will need to start playing nice with each other, and create devices that are willing to work with competitors.

WAN Capacity

Existing Wide Area Networks (WAN) have been built for moderate-bandwidth requirements capable of handling current device needs. However, the rapid introduction of new devices will dramatically increase WAN traffic, which could strangle enterprise bandwidth. With the growing popularity of Bring Your Own Device policies, people will begin using IoT devices at work, forcing companies to make the necessary upgrades, or suffer crawling speeds and weakened productivity.

Big Data

IoT technology will benefit and simplify many aspects of our lives, but these devices serve a dual purpose, benefiting organizations hungry for information. We live in an era of big data, where organizations are looking to collect information from as many sources as possible in the hopes of learning more about customers and markets. IoT technology will greatly expand the possibilities of data collection. However, the problem then becomes managing this avalanche of data. Storage issues aside, we’ve only just developed improved ways of handling big data analytics, but technologies and platforms will need to further evolve to handle additional demands.

Category: Web2.0

by: Robert.hillard
28  Mar  2014

Login with social media

With a little work, social networks have the potential to be as valuable in confirming an identity as a passport.  It is the power of the crowd that can prove the integrity of the account holder, perhaps best described as crowdsourcing identity.

There are usually two goals of identity.  The first is to confirm you are who you say you are and the second is to work out your relationship to other people.

Social networks can solve both.  We’re all familiar with the burgeoning number of websites that allow you to “login” with Facebook, LinkedIn or Twitter.  The vast majority, though, are simply using a convenient approach to challenge and permit access.  Rather than maintaining a new set of credentials, they are using a mechanism that maintains those sensitive details externally.

This is to be applauded and is entirely consistent with the objectives of cloud to share services rather than build complete vertical solutions from the ground up.  However, just accepting a social network’s credentials only uses a fraction of the capability that aligning with these services offers.

Telephone directories

In past decades, our grandparents carefully checked the telephone directory when it came out to make sure all their family and friends were listed correctly.  With the whole city doing the same thing, any mistakes (or even deliberate fraudsters) were pretty quickly uncovered.

Today, phone directories are barely looked at and are, at best, incomplete.  Once you get through an ID check, your details are entirely within your control and very likely to go unchallenged.

Social networks are different.  While the profile that is created is self-regulated, its exposure to the friends forces a level of honesty.  It may be easy to create a false identity, but a profile that is fully connected with the network and is actively maintained is much harder to fake for an extended period.  Some of the things to look for include: levels of activity, numbers of “friends” or connections who are themselves active and connected, cross-posting and the amount of detail on the profile.

A CV to be trusted

Many employers now prefer LinkedIn to a CV for the simple reason that it is harder to fake qualifications and experience.  A CV prepared for an employer requires reference checking and verification that often doesn’t happen.

The media is full of stories of senior people who have been caught claiming qualifications that they never completed.  Compare that to the profile on LinkedIn where there are usually hundreds of connections, any one of which will call out if a false qualification is claimed or the description of employment is exaggerated.

Moreover, for most employers the network of connections in common is extensive and a whole range of potential points of verification are added, even if confidentiality requires waiting until after employment has commenced.  Just the knowledge that this is likely to happen discourages would-be fakes.

Credentials that aren’t shared

Just as people will grab their smartphone before almost any other possession in an emergency, it seems that they value their social media login credentials above almost any other password.

People will often happily give out their credentials for video streaming services (such as Netflix).  They allow their trusted family members to use their banking user details.  They will even allow support staff at work to have their network password.  But ask for access to their Facebook or LinkedIn account and they will refuse as it sits at the centre of their trusted friend network.  Access to this core is just too sensitive to share.

In the future we could see building security where you “login with Facebook” and banks using social media credentials as part of identifying a customer when creating a new account.

A fair exchange of value

Whether a business or government service, it is important that the consumer or citizen receives fair value for using social media to identify themselves.  The key is full disclosure.

If all that the Google, Facebook, Twitter or LinkedIn account is doing is providing access then the exchange is one of convenience.  For the user, there is one less password to maintain and for the site owner there is one less point of exposure.

However, it may be that the site or service needs to know about relationships, locations or other details which are maintained in the service.  Full disclosure allows the user to feel confident on what is being used and why.  If the use is appropriate to the user’s needs then this approach provides a way of updating their personal details without their filling out as many forms.

Many online services need not have any username or password data at all and those that do may only need it for those customers or citizens who want to opt-out of the social media revolution.  Arguably, this last group maintain less of their details online and are usually less exposed in the event of a security breach.

Good practice suggests using social media as part of an identity service rather than government or business trying to create yet another master, standalone, identity solution of their own.

Category: Enterprise2.0, Information Value, Web2.0

by: Ocdqblog
10  Dec  2013

The Sound of Sound Information Security

I like it when I stumble across examples of information management concepts.  While working on a podcast interview with William McKnight discussing his new book Information Management: Strategies for Gaining a Competitive Advantage with Data, I asked William for a song recommendation to play as background music while I read his bio during the opening segment of the podcast.

After William emailed me an Apple iTunes audio file for the song “Mother North” off of the 1996 album Nemesis Divina by Norwegian black metal band Satyricon, I ran into an issue when I attempted to play the song on my computer that provides two points about the information security aspects of information governance:

  • The need to establish a way to enforce information security so that only authorized users can access protected information.  In this case, the protected information is a song purchased from the Apple iTunes store, where purchases are associated with both an Apple ID and the computer used to purchase it.  This establishes an information security policy that is automatically enforced whenever the information is accessed.  If a security violation is detected, in this case by attempting to play the song on another computer, the policy prevents the unauthorized access.
  • Information security policies also have to allow for unexpected, but allowable, exceptions otherwise security becomes too restrictive and inconveniences the user.  In this case, Apple iTunes allows a song to be played on up to 5 computers associated with the Apple ID used to purchase it.  This is an excellent example of the need to combine portability and security by embedding a security policy as the information’s travel companion.  Apple does not just prevent you from playing the song, but offers the ability to prove you are authorized to play it on another computer by entering your Apple ID and password.

The goal of information security is to protect information assets against intrusion or inappropriate access.  Comprehensive security must not be limited to the system of origination but must travel with the information, especially as today’s mobile users need to access information from multiple devices.

Much like the hills are alive with the sound of music, make sure that your information governance policies are alive with the sound of sound information security, thus making your organization’s easily accessible while appropriately protected information assets music to your users’ ears.

Category: Information Governance

by: Phil Simon
01  Jul  2013

Evernote’s Three Laws of Data Protection

“It’s all about bucks, kid. The rest is conversation.”

–Michael Douglas as Gordon Gekko, Wall Street (1987)

Sporting more than 60 million users, Evernote is one of the most popular productivity apps out there these days. You may in fact use the app to store audio notes, video, pics, websites, and perform a whole host of other tasks.

(more…)

Category: Information Management
