Research Tackles Mounting Risks from Mobile Devices in the Enterprise
RSA, The Security Division of EMC, released a new research report from the Security for Business Innovation Council (SBIC) that addresses the continued surge of consumer mobile devices in the enterprise and shares security leaders' insights on how to manage the fast-changing mobility risks while maximizing business opportunities.
Mobile threats are developing quickly and technologies keep shifting creating new security holes. As more and more consumer devices access corporate networks and store corporate data, potentially devastating consequences range from the loss or leakage of valuable intellectual property to brand damage if fraudulent access results in a high-profile security breach. The Council consensus is that the time is now for enterprises to integrate risk management into their mobile vision. The potential benefits include increased agility, improved productivity, faster sales, and reduced costs. Capitalizing on the business opportunities of mobile computing is only possible if enterprises know the risks and how to manage them.
In the report, the Council presents five strategies for building effective, adaptable mobile programs:
Establish mobile governance – Organizations should engage cross-functional teams to set clear ground rules. Every mobile project should start by defining business goals, including expectations of cost savings or revenue generation, and by establishing the level of risk that the organization is willing to accept to achieve those goals.
Create an action plan for the near-term – Mobile security technologies are fast-moving and, in many cases, too nascent to allow organizations to make long-term mobile security investments. The Council lays out several stop gap measures and key steps to take over the next 12-18 months.
Build core competencies in mobile app security – Knowing how to design mobile apps in a way that protects corporate data is absolutely critical, yet many information security teams do not have the necessary level of expertise. The Council emphasizes it's not just about bolting on security, but requires a careful examination of the app's overall functionality and architecture, and they provide key design criteria.
Integrate mobility into long-term vision – Numerous trends are affecting long-term risk management planning. Organizations need to update their approach to security including risk-based, adaptive authentication; network segmentation; data-centric security controls; and cloud-based gateways.
Expand mobile situational awareness – Corporate security teams should deepen and continually refresh their understanding of the mobile ecosystem.
PwC Survey finds that Private Companies see Business Benefits in Formal Corporate Governance
A large majority of private companies (80%) are adopting specific corporate governance practices to help them successfully navigate an increasingly complex and volatile business landscape, according to PwC US’s latest Private Company Trendsetter Barometer survey. Corporate governance at those companies takes the form of official policies promoting oversight and accountability in a variety of areas, including financial reporting, corporate strategy, and risk management. Nearly all (89%) of private companies that embrace corporate governance appear to do so voluntarily.
Balancing Immediate Concerns with the Long View
Although private companies do not face the short-term, quarterly-earnings pressure that their public counterparts confront, financial concerns remain pressing for many private businesses in today's still-challenging economy. A majority of Trendsetter companies are nonetheless applying corporate governance principles to long-term corporate strategy. An even greater percentage, however, are applying those principles to more-immediate issues, such as financial reporting and fiscal planning. Private companies are less focused on succession planning -- just one-third of them have a formal, documented succession plan.
Main areas of corporate governance at private companies:
Survey: U.S. Corporations Aim to Tackle IT Challenges with Cloud Computing
Forty-four percent of U.S. executives aim to tackle current IT challenges through leveraging cloud solutions, and they are planning to invest more in cloud computing in the future. That is the finding of an IDC survey commissioned by T-Systems. Corporations expect cloud computing to deliver lower IT costs (26 percent) and to enable them to replace legacy systems (21 percent) and adopt new applications more flexibly (14 percent).
Cloud computing is seen as most likely to deliver solutions for Customer Relationship Management (31 percent), productivity tools like email, collaboration or Office packages (28 percent), online stores, and Enterprise Relationship Management (26 percent each).
Corporations continue to have reservations about security, but they are no longer the decisive criterion against cloud. The concept of security now extends to issues such as how cloud computing will impact compliance requirements or data availability. That is prompting corporations to consider the right cloud type and cloud service needed. Enterprises see an opportunity in the private cloud for providers to fulfill their security requirements and agree on service level agreements. 40 percent of U.S. respondents have implemented a private cloud strategy while only 13 percent are relying on public cloud and 16 percent on hybrid cloud solutions.
In the course of adopting cloud computing, enterprises are increasingly considering new service providers, and they are also considering providers whose services they have not previously used. In ERP more than half are considering providers with whom they have had no previous experience.
Survey Exposes Concerns about Employee Privacy for BYOD
Fiberlink, a provider of cloud-based solutions for secure mobile device management (MDM) and mobile application management (MAM), announced the results of a Harris survey revealing that business users are alarmed about employers' ability to access and collect personally identifiable information (PII) through mobile devices, such as iPhones, iPads and Androids.
As the Bring Your Own Device (BYOD) trend sweeps across the business world, it raises a significant management challenge for companies and has implications that go beyond the IT department. Although many may not know it, some employers are able to track employee locations during work and non-work hours, which applications they've installed and review or delete personal pictures and music.
The survey found that business users are overwhelmingly concerned, and would not allow employers to have this access into their personal lives.
The results show significant employee concern:
82 percent of respondents consider this ability to be "tracked" an invasion of their privacy. Tracking is easily accomplished through a number of technologies built into most of the popular smartphones. Tracking with an MDM solution can be accomplished using GPS and triangulation, which provides a company with a way to locate where a device is physically located.
Similarly, 76 percent of respondents would not give their employer access to view what applications are installed on their personal device. What users install on their personal device is considered private information.
75 percent of respondents would not allow their employer to install an app on their personal phone which gives the company the ability to locate them during work and non-work hours in exchange for receiving corporate email and gaining access to other corporate resources.
Business users expressed a great deal of concern about their employers looking into their lives. In fact, very few respondents expressed no concern.
82 percent are concerned to extremely concerned about their employers tracking websites they browse on personal devices during non-work time
86 percent are concerned to extremely concerned about the unauthorized deletion of their personal pictures, music, and email profiles
Only 15 percent are not at all concerned about employers tracking their location during non-work time
Only 15 percent are not at all concerned about employers tracking personal apps installed on their devices
CIOs Top 10 Priorities as Planning for the New Year Begins
Will the economy recover? What technology will drive the next 12 to 18 months? How can service levels be improved? These are just some of the questions that CIOs are asking as they start the budgeting process.
The Top Ten concerns CIOs are including in planning for the new year are:
1. Budgets – Budgets have never been tighter. Organizations are striving to keep tight control over expenditures, even though they still need innovative technology to keep ahead of the competition.
2. Staffing – Recruiting, managing and training staff are the most pressing concerns for CIOs as they are pressured to keep headcounts down while improving service levels.
3. Security – Internal and external threats are on the increase, especially as enterprises continue to increase the growth of mobile and wireless based applications.
4. Compliance – Security and compliance work together for CIOs as many governance and compliance regulations were spawned from risk management and directly affect security.
5. Resource Management – Enterprise management now demands more efficient processes. CIOs must now allocate more of their time and resources they used to spend on legacy maintenance on more productivity activities.
6. Infrastructure – Updating technology infrastructures and keeping the backbone of an organization’s IT up to date consumes more resources.
7. Business Alignment – Keeping IT strategy in line with business strategy is something CIOs have become masters of, but it is still one of the areas that is resource intense.
8. Managing Users – CIOs must prioritize the needs of their users and customers. Excellent customer service and cost effectiveness in driving the business forward are the two overlying themes for many businesses.
9. Managing Change – The fast moving pace of technological innovation means change is a guaranteed part of the CIO’s role. But the way they manage its effect on the business is more critical. As business processes change, changes in organizational cultures and how they affect people are very high on the CIO’s agenda.
10. Organizational Politics – To manage change and integration effectively, CIOs need the support of their senior management team. The success of change management programs and the contribution IT can make to those depend heavily on the support and drive of senior managers. If the CIO lines of report – CEO, CFO or COO -understand the power of transformational IT investment and if a CIO can educate and communicate what is possible.