Mobility and the mobile workspace: the new demands on the CIO

Technology, as we knew it, is no longer relevant. Every day we are bowled over with a new app, toy or technique. We are moving to a world of smart technology at a pace that is almost impossible to keep up with.

The era of “smart technology” spans the time of smart phones, 3D printers, and beyond. A recent survey by Forrester Research anticipates that shipments of wearable computing devices will reach almost 30 million units this year. This realm is undefined and endless, and relates to anything from items tracking physical activity, to Bluetooth connected watches and the much anticipated Google glasses. 3D printers, currently fitting the bill for the art world alone, are expected to cost less than some PC’s by 2016, at under $2000.00 US dollars. The possibility is endless.

And now, with tablets expected to outsell laptops this year, this mobility aspect is become less and less a preference or request but rather a demand of employees.

The role that consumerism and trend technology plays in driving business structures and styles can no longer be ignored. Gartner expects that 80 percent of organisations will support a workforce using tablets by the end of 2013. This expectation will have a flow on effect: whether organisations are supplying the tablets, or supplying the application and platform for a personal device to be used in a corporate manner.

Regardless of the process, the outcome is the same. Business is changing, and it is becoming increasingly difficult to keep up. The majority of organisations across the world, are not ready to house these technologies. The time has come for a new approach.

The context surrounding this change is also moving at what appears to be the speed of light. Faster broadband availability and the increasing availability of 4G networks will help enhance the way employees use mobile devices, and give further incentive to those considering investing in one.

From the perspective of the CIO, these new networks could redefine business practice and process, offering potentially game changing opportunities.

Working in parallel to these advances is the announcement of new privacy laws legislation. This herald’s big change on the horizon, changes that the CIO needs to understand and incorporate.

To throw a spanner in the works, let’s consider all of these advances in the context of the cloud.

Couple this with Gartner’s expectation that by 2014, 90 per cent of organisations will support corporate applications on personal devices, and you have a problem.

Data is now a defining factor. If the majority of employees start using devices, like tablets, to access both corporate applications and personal data and data security have the potential to spiral out of control. So pertinent questions are begging to be answered:

How safe is the cloud?
What is actually stored in the cloud?
How it is stored?

The list goes on. The combination of the growth in mobility and the continued dominance and reliance on the cloud means CIOs must start considering their organisational structure and if it can cater to this changing environment.

There is no time like the present to consider how to manage risk in the mobile cloud space – what privacy safe guards and good parameters are in place, and what needs to change.

1. Define your organisational policies in relation to Bring Your Own Device (BYOD)

BYOD is a phenomenon occurring in every organisation regardless of size and structure. You must assess whether or not BYOD can have a negative effect on your organisations workings – Is your bandwidth being compromised? Is it introducing large security risks to your network?

Your organisation may decide to ban BYOD and supply devices, or alternatively to create a more structured and regimented use of BYOD through the use of dedicated access points and tracking usage and activity.

Assessing current usage patterns and doing a cost analysis is a good step towards understanding employee and business requirements alike.

2. Assess network based security policies

This is especially relevant for companies who encourage the use of BYOD and don’t offer other devices. Setting these policies up can be difficult and time consuming, but it is an effective way of regulating consumer behaviours and enforcing some hard limits.

Often the issue with BYOD is that there is no limit defined, so building from the bottom up will allow you to gain an understanding of current usage, expectations, and develop a framework to cater these to the organisation’s security benefit.

3. Manage risk across multiple device platforms

Mobility trends encompass smart phones, tablets, PCs, laptops and the next generation of wearable computing devices, including items like the Jawbone UP system. This then becomes a multi-platform environment.

When your employees are reading emails on a smart phone, updating documents on a tablet, and downloading information on a laptop, there is inherent risk. For CIOs, managing risk becomes so much more difficult because each platform is different, and so each platform needs a tailored policy. Investigating and investing in a security policy that addresses all known device platforms will dramatically reduce risk and secure organisational information.

4. Controlling data on the cloud – centrally managing user accounts

Because the cloud is an essential storage device, you need to understand how to control the data you are storing. When you have multiple users in multiple locations moving in and out of your cloud, there is an increased likelihood that something could go wrong. You need to control the way your users can use the cloud, and what they can access. Your cloud service provider should allow you to manage user accounts, create shared folders to enhance collaboration, restrict access based on managerial level, and other tailored solutions to ensure a secure space when dealing with a mobile workforce.

5. Develop a policy plan and take control

The development of a security policy should be organic. After running through steps one through four – define, assess, manage and control – you should already understand what you need in your organisation’s policy.

Your policy should aim to minimise the use of rogue cloud usage by employees, ultimately reducing the likelihood of unfriendly events such as data leakage, malware outbreaks, or hacker theft. To be sure nothing slips through the cracks, develop a list of your top ten concerns, and then make sure these are addressed in your policy.

Some questions you might like to consider include: do we have an existing policy we need to adapt? Where is our data going to be stored? Does the service provider have any ownership of your data? What is the financial credibility of the provider? If things go wrong, what is our exit strategy?

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags mobilitymobile security

More about CSOForrester ResearchGartnerGoogleJawboneTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gordon Makryllos

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place