Search

Security

Best Practice

Impacts of IT Consumerization on Business Security

Over the last few years, consumer devices entered the workplace. IT discovered whole new challenges and opportunities but, today comes the second wave in Consumerization of IT, the Shadow IT.

FOCUS ON: Security,

Consumerization is happening in many different ways. The first is the use of consumer websites and services to get work done. Hotmail, Linked-In, Twitter and other web tools all fall under this category. The other is a move toward employee-owned hardware, such as smartphones and laptops. Smartphones were the most commonly cited employee- owned/managed device that had made it into business workflows. There are several factors driving this. Productivity demands on employees have increased over the last decade, partly due to layoffs and downsizing. There is a growing expectation for employees to deliver anytime, anyplace. While businesses push for increased productivity, they may not be able to justify investments in best-of-breed productivity tools such as smartphones for employees. Many employees already have the smartphones and laptops needed to meet business demands at home and they want to integrate them with their work life. Mounting pressure from both employee and corporation has pushed businesses to consumerize.

ADOPTING THIS NEW MODEL MEANS MOVING SECURITY TO BECOME CONSULTANTS FOR BUSINESS AND PROVIDING THE SECURITY CAPABILITIES AS A SERVICE.

Which are the security issues? How can we assure the appropriate security posture?

Context-Aware Security

It is mandatory support user’s freedom to move on Consumerization Era while keeping information protection, in this scenario security is even more important to ensure that adequate security processes and controls are in place to protect sensitive information and applications when accessing corporate IT assets from consumer devices and apps.

Legal Issues

If the company doesn’t own the device, there are open questions around compliance and audit.

E-DISCOVERY: How to examine and possibly judge an employee-owned device in the case of legal proceedings considering the concern of inadvertently retrieving personal data, maybe sensitive and clearly not company owned.
SECURITY AND CONTROL OF DATA: While for corporate-owned devices configurations can be set and enforced, security software installed and software updates monitored; for employee-owned devices it is more difficult to guarantee common configurations and allowing some amount of corporate control over data along with the ability to remotely wipe the phone.
LAWS AND REGULATORY REQUIREMENTS: Data protection, employees’ rights, capital market regulations (such as SOX), speciﬁc industry related requirements, etc. should be assessed against the new perimeter imposed by Consumerization. Companies must develop and enforce codes of conduct regarding the use of various software and services to limit corporate liability.

Reply has developed a proprietary and dedicated framework to allow enterprises to manage the IT Consumerization phenomena assuring an adequate security posture.

MONITOR & IDENTIFY

Build awareness about shadow IT and BYO* identifying and monitoring its presence and usage.

Identify the usage or the needs to use new BYO* or to recur to shadow IT
Monitor the usage of managed BYO* and other managed IT solutions

EVALUATE

Evaluate the needs, the use and the risks. Identify and evaluate possible solutions.

Evaluate the needs related to new identified BYO-Everything/Services and misuses about managed BYO-Everything/Services in terms of Risks (compliance, security, etc.) and Business benefits.
Identify possible solutions among: Accept or Deny (Policies & Technology), clone internal solution and control and Regulate the existing (Policies & Technology).
Evaluate the possible solutions.

OPERATE

Let the new solution or the regulated one be used and enforce security through the tools and solutions identified in the previous step.

MANAGE & SECURE

Implement the selected solution and setup the needed organizational, training awareness activities.

Implement the selected solution in terms of: technology to clone and/or control and regulate the usage of the BYO* and organizational activities to define and formalize roles and rules (Policies, Procedures, etc.).
Training and awareness initiatives to assure the knowledge of the existence of a new BYO* and the related usage rules.
Assure synergies among Security and other departments (e.g. IT, Marketing, Innovation, etc.).

RELATED CONTENTS

Digital Identity

Best Practice

Staying ahead of the digital identity evolution

Cyberspace represents the total interconnectedness of human beings through computers and telecommunications, regardless of physical geography. It is a term used to describe the whole range of information resources available through computer networks. For our purposes, cyberspace is a realm in which communication and interaction between two individuals, or between an individual and a computer, is facilitated by digital data exchanged over computer networks.

10.07.2015 / Agefi Luxembourg

Press Article

Can we trust a Cloud provider with our most critical corporate assets?

Without a doubt, the Cloud is expanding at the speed of light. This morning I googled for “Cloud Security” and received 57 Million hits, a few hours later and it was already over 69 Million hits. Together with this incredible expansion, threats and cyber security risks are growing at the same speed. Moving your corporate applications and data onto the Cloud is a bit like leaving your child at kindergarten for the first time. It is scary to hand over corporate strategic information into someone else’s control. Leadership teams, executives, security officers, information risk officers and the vast majority of stakeholders have the same question: Is the Cloud secure? Can we trust a Cloud provider with our most critical corporate assets? The short answer, to quote Obama is: “Yes, we can”. However, the true answer is somewhat more nuanced.

Search

Best Practice

Impacts of IT Consumerization on Business Security

Over the last few years, consumer devices entered the workplace. IT discovered whole new challenges and opportunities but, today comes the second wave in Consumerization of IT, the Shadow IT.

ADOPTING THIS NEW MODEL MEANS MOVING SECURITY TO BECOME CONSULTANTS FOR BUSINESS AND PROVIDING THE SECURITY CAPABILITIES AS A SERVICE.

Which are the security issues? How can we assure the appropriate security posture?

Context-Aware Security

Legal Issues

Reply has developed a proprietary and dedicated framework to allow enterprises to manage the IT Consumerization phenomena assuring an adequate security posture.

MONITOR & IDENTIFY

EVALUATE

OPERATE

MANAGE & SECURE

Digital Identity

Best Practice

Staying ahead of the digital identity evolution

10.07.2015 / Agefi Luxembourg

Press Article

Can we trust a Cloud provider with our most critical corporate assets?

Threat Intelligence Services

Best Practice

Underground Security Intelligence for Financial Institutions

join reply work with us

Search

Best Practice

Impacts of IT Consumerization on Business Security

Over the last few years, consumer devices entered the workplace. IT discovered whole new challenges and opportunities but, today comes the second wave in Consumerization of IT, the Shadow IT.

ADOPTING THIS NEW MODEL MEANS MOVING SECURITY TO BECOME CONSULTANTS FOR BUSINESS AND PROVIDING THE SECURITY CAPABILITIES AS A SERVICE.

Which are the security issues? How can we assure the appropriate security posture?

Context-Aware Security

Legal Issues

​Reply has developed a proprietary and dedicated​ framework to allow enterprises to manage the IT Consumerization phenomena assuring an adequate security posture.

MONITOR & IDENTIF​Y

​EVALUATE

OPERATE

MANAGE & SECURE

Reply has developed a proprietary and dedicated framework to allow enterprises to manage the IT Consumerization phenomena assuring an adequate security posture.

MONITOR & IDENTIFY

EVALUATE