Organizations of all sizes are facing fresh security challenges in the year ahead, due in a large part to bring your own device (BYOD) programs, social media networks and the general "consumerization" of IT, according to a report from information services specialist Wisegate.
These threats from devices, applications and services, which are no longer fully under the control of an official IT department, introduce a wide range of IT security threats that are completely unintentional but no less real. The report said allowing workers to use their own mobile devices, be they smartphones, tablets or notebook computers, presents a serious threat to network and data security.
Chief security officers (CSOs) are concerned about the theft, loss or leakage of company data, proper storage and transmittal of company data such as storage in the cloud or transmittal through popular services like Dropbox. They also worry about the limitations of managing devices and how far the organization can, or should, go toward locking down devices. CSOs are also concerned about malware and spyware aimed at mobile devices, and how (or even whether) to support a growing number of devices that use a variety of operating systems, applications, firmware and mobile carriers.
Social media is another area where platforms like Twitter, LinkedIn or Facebook could be used for spear-phishing attacks and may potentially reveal confidential company information. The report cautioned that there is a need for enforceable policies and procedures as well as awareness training to help control the type of information workers share on a personal level when it might be connected with work assets.
Consumerization of IT represents a challenge that encompasses social media and BYOD and goes beyond those platforms, as employees increasingly use applications and devices for work that were initially designed for private personal use. Cloud storage sites, while easy to use and readily available, lack security tools that could spur data leakages or other security breaches.
Unsurprisingly, data protection issues are a major concern for CSOs in light of the trends mentioned above. The report recommended businesses implement programs to combat security issues and raise employee awareness to ensure that sensitive company data isn't winding up in the wrong places. Losing track of data was also cited as a major issue for businesses, especially as the rise of big data has organizations struggling to cope with a deluge of data that must be analyzed, categorized and safely stored away in a secure location.
"IT operations and [information security] professionals have their work cut out for them in the year ahead. Though security threat vectors are changing, the underlying principles of how to address them are not. It's important to get out in front of potential threats and involve everyone in the organization," the report concluded. "Increasing employee security awareness and convincing workers to adopt more prudent behaviors will go a long way in complementing the technology-based solutions that organizations deploy to protect their network and information assets."