Private life in the Cloud

We live in a world of cyber security threats: hackers breaching organisational firewalls, Wikileaks publishing private state documents, and employers tracking cyber activity for productivity sakes.  Privacy, in relation to digital data, is a hazy topic.

The internet alone is increasingly being used as a medium to collect information for consumer profiling. According to Nielsen’s 2013 Australian Online Consumer report, 17.2 million Australians accessed the internet in the month of July and spent an average of 38 hours online across 60 sessions.

As more and more Australians surf the internet, check their mail, shop online, apply for jobs, or simply socialise with friends, they are leaving a trail of digital data that for some people is a gold mine. This includes email services like Gmail, file storage services like Dropbox, photo galleries like Flickr, and the list goes on. And this is not just on PC’s: laptops, smart phones, tablets, and televisions with internet capability all leave a cyber-trail.

When March 2014 hits, easy access to digital data will no longer be the case. Australia is about to get tougher on its privacy laws: effective March 2014, the 2012 Privacy Amendment Act will require that all Australian organisations, regardless of size and industry, implement open and transparent policies for managing personal data. This may seem simple, but it opens a crevasse of questions: how did you obtain this person’s contact details? Were you transparent in your original address? How are you storing these details? What is the purpose of collecting personal details? Are you sharing them amongst your organisation or more broadly?

These questions relate not only to your employees, but to everyone your organisation interacts with: stakeholders, customers, past employees, marketing databases….and the list goes on.

With the clock ticking, there is less than a year remaining until privacy is changed forever. Yet the implication of privacy is rarely discussed.  The question is: are businesses prepared? The answer is, more likely than not, no. If personal data is not adequately handled, organisations may be liable and can be imposed with fines of up to $1.7 million for an organisation and $ 370,000 for an individual.

As the generation of digital data continues to grow exponentially, it provides challenges for corporates to correctly manage, store and secure it. The pressure is on and the onus is on all companies to evaluate:
– Who ‘’owns’’ the privacy realm within their organisation?
– When was the last time an organisation reviewed their privacy policy?
– And if they have the necessary approvals to use third party data?

Achieving data privacy is a challenge for all organisations and the amount of work that needs to be done should not be underestimated. There is no time like the present to consider how to manage risk involved– what is lacking, what policies need to be put in place, and what needs to change.

1) Conduct a Privacy audit
Organisations need to implement a privacy audit which evaluates the type of sensitive information held by an organisation. This sensitive information can refer to employees’ personal details such as their tax file number or Medicare number and includes whether or not you have the rights to audit and access information, as well as the timely return of information when an agreement ends.  Analyse each aspect of this process which includes the collection, retention, use, and disclosure of personal information and determine risk levels. In cases where an organisation uses a cloud provider, it is important to understand who the stakeholders are, what their roles and responsibilities include, and where data is located and replicated.

Ask yourself: is third party data simply stored or is it being mined for advertising and marketing purposes?

2) Data protection and privacy impact strategy
Develop a comprehensive data protection and privacy strategy which focuses on integrating data protection and privacy processes while sustaining efficiency and long-term growth objectives. An organisation’s privacy strategy needs to be integrated with the overall risk and project management framework. It is also equally important for organisations to update their privacy policy regularly and seek input from legal advisors with specific knowledge regarding privacy laws where needed.

Ask yourself: what happens in the event of a data breach?

3) Create privacy policies and procedures 
Develop policies and procedures that clearly state the importance of protecting sensitive information stored in-house or in the cloud which complies with the requirements of the Australian Privacy Principles (APPs).  An organisation needs to take measureable steps to protect the personal information it holds from misuse. This includes mechanisms to protect and manage the information, including disaster recovery processes to protect against data loss. An organisation’s legal advisor needs to fully understand the nature of both the cloud and privacy requirements and should be able to tailor the legal protections in your agreement.

Ask yourself: what are the privacy policies that your organisation needs? Understand your key areas of weakness so you can develop a plan to protect data.

4) Ensure accuracy and transparency of all personal information held 
Personal information collected by an organisation needs to be accurate, complete, and up to date. Customers should have access to their information and make corrections if required. For instance, if an organisation holds a database which records the phone number and address of its customers, a process needs to be put in place which allows customers to change or update their details.

Ask yourself: when was the last time you updated your customer database?

5) Appoint a policy offer and train employees to mitigate security risks
Monitoring employees to ensure that privacy policies are applied will be very hard to manage on a daily basis. Transferring knowledge to your employees will identify weakness and help mitigate security risks. This is no simple task. Look at appointing a policy officer that trains employees and regularly monitors content and activity to prevent any violation.

Ask yourself: is it worthwhile hiring a policy officer to ensure that a breach does not occur?

But this is just the beginning. Let’s throw a spanner in the works.
Consider all of these advances in the context of data stored in cloud. The list of considerations and concerns gets infinitely bigger. There are different approaches to how privacy is interpreted when it comes to data stored in the cloud space. The following is a general starting point, but not specific advice, as individual circumstances vary and need to be looked at in more detail.

– The Infrastructure as a Service (IaaS) model, where the service provider is responsible for housing customer information and is not involved in any handling or processing of personal information. In this case all obligations to privacy are held with the customer.

– Software as a Service (SaaS) model, where the service provider is responsible and plays an active role in handling and managing customer’s personal information. In such cases, the service provider needs to obtain consent from the customer to hold and or use this information.

– Platform as a Service (PaaS) model, where the service provider delivers tools to enable customers to deploy applications. The service delivery model means that customers need to use best practices and privacy–friendly tools.

Privacy remains a critical component for Australians doing business or simply engaging online. We are entering a challenging new era as tougher privacy laws come into effect. While some Australian companies have already initiated the ground work, others have simply turned a blind eye.

Business owners who want to mitigate risks without sacrificing their ability to do business need to start addressing where they currently stand in relation to digital privacy. Assessing the business structure now will identify strengths and weaknesses, and set the wheels in motion for the new privacy approach.

Original Publication

 

Technology predictions for 2014 & beyond

predicting technology futures – what’s in store for 2014?

Original publication

2013 has seen a number of technologies enjoy varying levels of success and growth, with mobile devices, cloud computing and enterprise app stores all continuing to gain momentum. As I have written about throughout the year on this blog, these technologies have all had that disruptive business model impact which makes them popular and shakes up the existing landscape.

As we approach the end of 2013, I see no reason to expect 2014’s emerging technologies and trends to be any different. So what do we have to look forward to?

wearable technology and absolute mobility

Mobile everywhere and mobile for everything. 2014 will be the year that mobile is ubiquitous, smarter, faster and our reliance on mobile connectivity becomes absolute.

2013 saw the emergence of bring your own device (BYOD) as a mainstream concept, with end-users pretty much eschewing the notion of work/life balance and taking their smartphones and tablets into the workplace as a matter of course and taking their work on the move with them, presenting companies with new security challenges. But the trend will continue and 2014 will see users expecting to be online in more places than ever, at high speeds and with more robust security levels.

This increased mobility will continue to be driven forward by the latest advances in mobile devices, with wearable technology to the fore. The announcement that Burberry’s chief executive has just jumped ship to join Apple is a good indicator of how technology and fashion will merge over the coming year.Google glasssmartwatches and other wearable devices will all connect to the internet and each other through the Cloud like never before. And speaking of the connected planet. . .

the Internet of things goes mainstream

The internet is dead, long live the internet of things. There are now more networked devices and machines on the planet than there are people and 2014 will see still more devices, appliances and vehicles come online and begin communicating with each other.

The internet as we know it has already changed the world and many aspects of our daily lives. It has benefited businesses, individuals and nations, often helping to transform the way governments deliver education, health and social services and making information more democratically available. The internet of everything addresses the next generation of networked devices, with machine-to-machine (M2M) communications powering new ways of doing everything. Right now our phones and tablets are our most common networked devices, but the internet of things will see the networking of cars, homes, appliances, televisions, meters, indeed most electrical and electronic appliances and devices. There is even a company in the Netherlands that has helped a farmer to connect his cows.

Forecasts vary, but recent research projects that by 2020 there will be 75 billion ‘things’ connected to the internet and communicating with one another. 2014 will be the year that everything being networked goes mainstream.

hybrid cloud and XaaS model

2014 will see IT architectures continue to evolve and bring greater flexibility to companies and end-users. In previous blogs I have written about the future impact of cloud computing on various IT disciplines, notably procurementstorage and business continuity and even the role of the traditional CIO.

The cloud will continue to transform throughout the coming year, and the direction it will take will be that of hybrid cloud. Companies with private cloud architectures in place should be ready to embrace personal cloud and make the shift to the hybrid model. The hybrid approach gives organizations greater operational flexibility and optimized costs without compromising security. Network performance is improved too.

The ‘as a service’ (XaaS) model will continue to grow in popularity as well, as organizations adopt its agility and flexibility benefits while also recognizing that the OPEX model carries major advantages over the traditional CAPEX, investment-up-front approach.

software-defined architecture

Software-defined architecture will also come to the fore in 2014 – a practice whereby the software or the application defines the purpose of the device itself. This can be a storage device or a server, or a personal device such as the music boxes or wristband and apps that tracks how you sleep, move and eat—then helps you use that information to feel your best. The function defines the form.

The software-defined approach can help revolutionize the way we program, use and interact with devices because it makes them completely customizable. Devices of any kind will become defined by their apps, making them directly programmable, more agile, centrally managed and configurable and giving us greater control.

share, share and share again

End-users are now, thanks to the rise and rise of social media, so used to sharing that it is second nature. There are now 1.15 billion active Facebook users and over 288 million active Twitter users, all sharing thoughts, information, news, opinions and more, all the time. There have been more than 16 billion photos shared on Instagram. And this is just the beginning.

3-D printing is one area where the sharing of ideas and designs is going to take off in a big way in 2014 and beyond. Sales of 3-D printers are forecast to grow by 75 per cent in 2014, as the technology takes hold in the mainstream. 3-D printing could have a massive impact on many industries, not least the manufacturing sector. It represents a new way of sharing, with companies no longer needing to produce things the same way. For example one company or individual can come up with a design or bright idea one day and that design can be shared and copied tomorrow. Manufacturing, product development, design and prototypes – all of these disciplines could be hugely affected. This does of course present a challenge similar to that faced by the music and movie industries; when you have moved from the physical world to the virtual, and people are so used to sharing, how do you protect intellectual property? Innovative smart machines may be the solution to that. But that’s for another blog post.

Happy 2014.

Original Publication

Digital Futures

Today cloud is about more than “just‟ cost reductions.

Research shows that 74% of companies that invest in were more competitively agile.

<div style=”margin-bottom:5px”> <strong> <a href=”https://www.slideshare.net/gordonmakryllos/digital-futures&#8221; title=”Digital Futures” target=”_blank”>Digital Futures</a> </strong> from <strong><a href=”http://www.slideshare.net/gordonmakryllos&#8221; target=”_blank”>gordonmakryllos</a></strong> </div>

More details can be found at ……    Digital Futures 

Cloud is home to next generation storage and business continuity

I’ve written several times recently on the disruptive nature of cloud computing and how its omnipresent nature is removing complexity from traditional business processes and practices. Another increasing trend I am seeing is significant change in business continuity (BC) and disaster recovery (DR) options driven by cloud technologies.

Most senior business leaders have been involved in some level of ICT disaster recovery at one time or another throughout their careers, and they can be stressful times. Sensitive corporate data is thrown into the wind, private employee information can also be put at risk, and daily business operations are disrupted by something more often than not beyond your control.

The key to ensuring smooth BC in the event of an unforeseen emergency is to have backup systems in place in at least one other location to allow your organization to transfer operations and processes – and today the cloud is providing a truly viable, cost-effective and flexible alternative location.

a question of costs

The cloud did take a little while to gain the trust of business owners and leaders, particularly when it comes to the storage of sensitive and confidential company information. There was a fear factor in place for quite a long time, but as the cloud continues to become an accepted mainstream tool, that attitude is changing.

With greater acceptance, more organisations are exploring cloud storage for BC and DR purposes. A number of cloud service providers now offer Backup “as-a-Service” and organisations are considering the many benefits of this option for cloud-based BC and DR  for servers and PCs, which can be scaled up or down depending on customer need.

It is this flexible nature which, as with all things cloud, is proving popular; customers want to control their costs and a cloud-based backup solution helps them to reduce their CAPEX outlay. There is no need for unnecessary in-house infrastructure for backup and storage since it is hosted in the cloud under the as-a-service model, freeing up budget and also internal data center capacity for other purposes.

gathering momentum and trust

BC and DR “as-a-Service” offers  real opportunity, and one which is only really beginning to be fully understood by customers who have long been used to the off-site but on company premises backup approach. We are in the Big Data era, meaning that as companies continue to build up more IT assets – laptops, PCs, tablets and smartphones – they are generating more data than ever before. As such more storage than ever is needed and storage costs are escalating.

So as organisations look to manage these escalating storage costs, one of the options is to engage with a cloud provider to investigate alternative storage and backup systems.  Cloud providers who can mutualise their costs across multiple user organisations and reduce costs can offer significant savings (in some cases as much as 50%) by taking BC and DR strategy into the cloud. But as with any other disruptive technology, there is a learning curve involved – some companies still need to get out of their comfort zones to reap the benefits of the cloud. The positive side for them is that in many areas of their business they are already doing just that; most organizations already engage with numerous third-party suppliers for business-critical services and processes. So the step into BC and DR in the cloud need not be such an intimidating one.

Industry research backs up the trend. IDC predicts that over 102 exabytes of external storage capacity will be sold in 2017, up from 20 exabytes in 2012, while the next four years will see external storage space purchased by companies grow by between 30 per cent and 40 per cent.

picking the right way forward

But companies need to decide the right way forward for their needs. Having decided to place BC and DR in the cloud, should they choose public, private or hybrid? There are many different options available on the market, but organizations must be wary of merely selecting an anonymous black box – their cloud storage solution can end up being based on no relationship with the supplier, without any visibility and only interacting via a web interface.

So it is worth evaluating the hybrid cloud approach which gives you a more traditional relationship with your supplier, including SLAs, greater trust and an on-going partnership – global enterprise organizations in particular need this kind of underpinning.

be aware of the pitfalls

So while evaluating the many benefits of BC and DR in the cloud, companies do still need to be aware of the potential hazards. Since breaking onto the scene as a disruptor, the cloud has almost become something of a drug. We utilize the cloud for so much of our daily lives now, both personal and professional, that it can become second nature and somewhat taken for granted. Consider the many stories of tourists going on holiday only to return home to massive roaming charges from their mobile service provider – this second nature of the cloud can mean racking up out of sight, out of mind bills.

So once you decide to take an as a service approach to storage and backup, be aware that you are now in the massive content and data generation era. A staggering 90 per cent of all the data generated ever has been generated over the last two years, and it all needs to be stored and backed up somewhere. We are creating more and more data all the time, and show no sign of stopping any time soon. But with organizations needing to manage this on-going data explosion on a cost-effective basis, I believe that the era of cloud storage and backup based on the OPEX model has truly arrived.

Original Publication

 

Unified communications: leading the cloud revolution

The term unified communication (UC) is a popular subject that has been floating around the workplace for some time….but is it really an essential component for businesses today? Do employees, or businesses for that matter, really understand the pros and cons?

The problem with the current workforce is that it is dependent but scattered: 78 per cent of workers are part of global teams that can be scattered across the world.

Being part of the global workforce isn’t in itself a hindrance: technology allows communication. It is estimated that the average worker carries 2.9 devices, increasing their accessibility. While having multiple devices – from email, to mobile phones, to desk phones, to videoconference and beyond – should make getting in touch with someone easier, it can actually hinder the process.

A simple example is this: calling someone on their office phone could see you leaving a message at reception, to be emailed to their inbox with the request to call you back. Ultimately, the excess in opportunity to contact someone wastes time and resources.

Unified communications (UC) is a solution that streamlines this process, uniting full time employees, managers, top level staff and part time workers to communicate in a new way, across broad geographic space and time zones.

UC integrates a variety of communication tools, from the traditional non real- time to the advancing real- time. Simplified down, a unified communications system should have five core capabilities: email, telephony, real time communications, calendars and directory services.

Originally, UC was the natural progression for a world where multiple communications channels could be accessed all at once. Now, however, it is a strategic business choice which enables easier workflows and more efficient workplace operations. According to a report by Frost and Sullivan, globally, the UC market is expected to grow from US$1144.8 million to US$2287.6 million by 2019.

The network effect

Regardless of the catalyst, as an organisation moves to UC, a platform can be adopted to integrate with existing frameworks – be it emails with a particular provider or a cloud solution. The UC platform, Unified Communications as a Service (UCaaS), intrinsically changes processes within an organisation. As UCaaS takes hold, employees begin working more efficiently, adapting to the ease of communicating in real time via a single interface, but across multiple communication styles.

This hyper connectivity will benefit performance and capability but could also cause network performance issues. Things that need to be considered are:

– An increase in network traffic and applications and the need to address incidents
– Monitoring UC components to assess if they are working correctly across the network
– In-depth or packet level monitoring

With the growth of unified communications and additional new applications, the management of each new service is becoming far too complex for IT departments. Finding the right UCaaS provider can actually address all of these issues, by generating a customised and optimised solution strictly for your business.

If UCaaS is running optimally, the benefits to the end user and the broader business are extensive. Shorter time frames and less follow-ups results in increased productivity. The allowed interactivity can also increase decision making, reducing time lines, and increasing satisfaction and budget delivery.

Data, cloud and the security conundrum

These benefits are undeniable, which largely explains why 88% percent of enterprises have deployed or are planning UC deployment. Increasingly, UCaaS is deployed across a hybrid cloud scenario. In any business running UC, unstructured data is being created, and at a rapid pace. When UC is run either wholly or partially via the cloud, this data and the security risks alongside it increase.

The cornerstone of a successful UC implementation is having up-to-date accurate user information. This raises the question of security and privacy. Do I really want others to see my personal details?

The implementation of UC also changes business workflow and the need of a middle man to assign telephony UC. Some other core security threats include:

• Host and network-based intrusion – something that we have lived with since the dawn of computer technology.
• A VoIP-enabled form of phishing – basic phishing techniques are applied to the UC suite, meaning confidential information can be revealed over the phone by appearing to call from an official location, but actually infiltrating the organisation.
• Toll fraud – the incorrect lodging and pricing of media traffic (images, videos etc.) and voice and video calls. Toll fraud means that attackers can create a video call, but it appears as a telephone call. This misrepresentation means incorrect charging and scamming the system.

The top concern for organisations is the tapping of endpoint UC devices – laptops, smart phones etc. These breaches could infiltrate VoIP, IM or other traffic, potentially unleashing not only sensitive organisational information in the form of documents, but intercepting telephone calls, and sensitive emails. While this is the base level risk of unauthorised access, the next step is an organisation’s full network security being compromised. If a hacker infiltrates the network, there is the potential to not only access information but launch attacks and alter network settings – jeopardisinge the organisation on many levels.

These kinds of malicious attacks can come in many forms. Two common ones are denial of service attack and platform compromise. While different styles of attacks, both disrupt the communications infrastructure on different levels and in different manners.

Companies of all sizes are adopting unified communications and the collaboration capabilities it fosters to boost productivity and innovation, increase mobility and enhance flexibility. However the risks apparent in the cloud environment are also booming in.

UCaaS is the turning point for communications as we know it, and the way the cloud is utilised. At the beginning of this, the cloud revolution, we are looking to a more interactive, available yet accommodating time. To ensure that as UC takes hold of business it maintains the same robust nature and safety standards we are used to, the same considerations need to be at play. The same guidelines need to be put in place, including:

1. Develop a strong defence strategy
Assess the enterprise infrastructure and identify where vulnerabilities lie and how infiltrations could occur. Look at servers, endpoint UC devices and the actual network. Your security strategy should already address these core areas, but launching into the field of UC only enhances the demand.

2. Secure your infrastructure
As UCaaS becomes a reality, your organisation needs to build a secure infrastructure. This includes all aspects of ‘locking down’ your organisation, from data regulations, to securing PCs and tablets to the phone network and the protection, integrity and confidentiality of calls.

3. Check the legal side
The platform that you deploy UC on might be stock standard or could be strategically developed for your organisation. In any scenario, you need to ensure that the platform complies with all relevant laws and regulations of your region.

Original Publication

 

Unified Communications: Leading the Cloud revolution

Original Publication

The 101 of UC

The term unified communication (UC) is a popular subject that has been floating around the workplace for some time….but is it really an essential component for businesses today? Do employees, or businesses for that matter, really understand the pros and cons?

The problem with the current workforce is that it is dependent but scattered: 78 per cent of workers are part of global teams that can be scattered across the world.

Being part of the global workforce isn’t in itself a hindrance: technology allows communication. It is estimated that the average worker carries 2.9 devices, increasing their accessibility. While having multiple devices – from email, to mobile phones, to desk phones, to videoconference and beyond – should make getting in touch with someone easier, it can actually hinder the process.

A simple example is this: calling someone on their office phone could see you leaving a message at reception, to be emailed to their inbox with the request to call you back. Ultimately, the excess in opportunity to contact someone wastes time and resources.

Unified communications (UC) is a solution that streamlines this process, uniting full time employees, managers, top level staff and part time workers to communicate in a new way, across broad geographic space and time zones.

UC integrates a variety of communication tools, from the traditional non real- time to the advancing real- time. Simplified down, a unified communications system should have five core capabilities: email, telephony, real time communications, calendars and directory services.

Originally, UC was the natural progression for a world where multiple communications channels could be accessed all at once. Now, however, it is a strategic business choice which enables easier workflows and more efficient workplace operations. According to a report by Frost and Sullivan, globally, the UC market is expected to grow from US$1144.8 million to US$2287.6 million by 2019.

The network effect

Regardless of the catalyst, as an organisation moves to UC, a platform can be adopted to integrate with existing frameworks – be it emails with a particular provider or a cloud solution. The UC platform, Unified Communications as a Service (UCaaS), intrinsically changes processes within an organisation. As UCaaS takes hold, employees begin working more efficiently, adapting to the ease of communicating in real time via a single interface, but across multiple communication styles.

This hyper connectivity will benefit performance and capability but could also cause network performance issues. Things that need to be considered are:

– An increase in network traffic and applications and the need to address incidents
– Monitoring UC components to assess if they are working correctly across the network
– In-depth or packet level monitoring

With the growth of unified communications and additional new applications, the management of each new service is becoming far too complex for IT departments. Finding the right UCaaS provider can actually address all of these issues, by generating a customised and optimised solution strictly for your business.

If UCaaS is running optimally, the benefits to the end user and the broader business are extensive. Shorter time frames and less follow-ups results in increased productivity. The allowed interactivity can also increase decision making, reducing time lines, and increasing satisfaction and budget delivery.

Data, cloud and the security conundrum

These benefits are undeniable, which largely explains why 88% percent of enterprises have deployed or are planning UC deployment. Increasingly, UCaaS is deployed across a hybrid cloud scenario. In any business running UC, unstructured data is being created, and at a rapid pace. When UC is run either wholly or partially via the cloud, this data and the security risks alongside it increase.

The cornerstone of a successful UC implementation is having up-to-date accurate user information. This raises the question of security and privacy. Do I really want others to see my personal details?

The implementation of UC also changes business workflow and the need of a middle man to assign telephony UC. Some other core security threats include:

• Host and network-based intrusion – something that we have lived with since the dawn of computer technology.
• A VoIP-enabled form of phishing – basic phishing techniques are applied to the UC suite, meaning confidential information can be revealed over the phone by appearing to call from an official location, but actually infiltrating the organisation.
• Toll fraud – the incorrect lodging and pricing of media traffic (images, videos etc.) and voice and video calls. Toll fraud means that attackers can create a video call, but it appears as a telephone call. This misrepresentation means incorrect charging and scamming the system.

The top concern for organisations is the tapping of endpoint UC devices – laptops, smart phones etc. These breaches could infiltrate VoIP, IM or other traffic, potentially unleashing not only sensitive organisational information in the form of documents, but intercepting telephone calls, and sensitive emails. While this is the base level risk of unauthorised access, the next step is an organisation’s full network security being compromised. If a hacker infiltrates the network, there is the potential to not only access information but launch attacks and alter network settings – jeopardisinge the organisation on many levels.

These kinds of malicious attacks can come in many forms. Two common ones are denial of service attack and platform compromise. While different styles of attacks, both disrupt the communications infrastructure on different levels and in different manners.

Companies of all sizes are adopting unified communications and the collaboration capabilities it fosters to boost productivity and innovation, increase mobility and enhance flexibility. However the risks apparent in the cloud environment are also booming in.

UCaaS is the turning point for communications as we know it, and the way the cloud is utilised. At the beginning of this, the cloud revolution, we are looking to a more interactive, available yet accommodating time. To ensure that as UC takes hold of business it maintains the same robust nature and safety standards we are used to, the same considerations need to be at play. The same guidelines need to be put in place, including:

1. Develop a strong defence strategy
Assess the enterprise infrastructure and identify where vulnerabilities lie and how infiltrations could occur. Look at servers, endpoint UC devices and the actual network. Your security strategy should already address these core areas, but launching into the field of UC only enhances the demand.

2. Secure your infrastructure
As UCaaS becomes a reality, your organisation needs to build a secure infrastructure. This includes all aspects of ‘locking down’ your organisation, from data regulations, to securing PCs and tablets to the phone network and the protection, integrity and confidentiality of calls.

3. Check the legal side
The platform that you deploy UC on might be stock standard or could be strategically developed for your organisation. In any scenario, you need to ensure that the platform complies with all relevant laws and regulations of your region.

 

Mobility and the mobile workspace: the new demands on the CIO

Technology, as we knew it, is no longer relevant. Every day we are bowled over with a new app, toy or technique. We are moving to a world of smart technology at a pace that is almost impossible to keep up with.

The era of “smart technology” spans the time of smart phones, 3D printers, and beyond. A recent survey by Forrester Research anticipates that shipments of wearable computing devices will reach almost 30 million units this year. This realm is undefined and endless, and relates to anything from items tracking physical activity, to Bluetooth connected watches and the much anticipated Google glasses. 3D printers, currently fitting the bill for the art world alone, are expected to cost less than some PC’s by 2016, at under $2000.00 US dollars. The possibility is endless.

And now, with tablets expected to outsell laptops this year, this mobility aspect is become less and less a preference or request but rather a demand of employees.

The role that consumerism and trend technology plays in driving business structures and styles can no longer be ignored. Gartner expects that 80 percent of organisations will support a workforce using tablets by the end of 2013. This expectation will have a flow on effect: whether organisations are supplying the tablets, or supplying the application and platform for a personal device to be used in a corporate manner.

Regardless of the process, the outcome is the same. Business is changing, and it is becoming increasingly difficult to keep up. The majority of organisations across the world, are not ready to house these technologies. The time has come for a new approach.

The context surrounding this change is also moving at what appears to be the speed of light. Faster broadband availability and the increasing availability of 4G networks will help enhance the way employees use mobile devices, and give further incentive to those considering investing in one.

From the perspective of the CIO, these new networks could redefine business practice and process, offering potentially game changing opportunities.

Working in parallel to these advances is the announcement of new privacy laws legislation. This herald’s big change on the horizon, changes that the CIO needs to understand and incorporate.

To throw a spanner in the works, let’s consider all of these advances in the context of the cloud.

Couple this with Gartner’s expectation that by 2014, 90 per cent of organisations will support corporate applications on personal devices, and you have a problem.

Data is now a defining factor. If the majority of employees start using devices, like tablets, to access both corporate applications and personal data and data security have the potential to spiral out of control. So pertinent questions are begging to be answered:

How safe is the cloud?
What is actually stored in the cloud?
How it is stored?

The list goes on. The combination of the growth in mobility and the continued dominance and reliance on the cloud means CIOs must start considering their organisational structure and if it can cater to this changing environment.

There is no time like the present to consider how to manage risk in the mobile cloud space – what privacy safe guards and good parameters are in place, and what needs to change.

1. Define your organisational policies in relation to Bring Your Own Device (BYOD)

BYOD is a phenomenon occurring in every organisation regardless of size and structure. You must assess whether or not BYOD can have a negative effect on your organisations workings – Is your bandwidth being compromised? Is it introducing large security risks to your network?

Your organisation may decide to ban BYOD and supply devices, or alternatively to create a more structured and regimented use of BYOD through the use of dedicated access points and tracking usage and activity.

Assessing current usage patterns and doing a cost analysis is a good step towards understanding employee and business requirements alike.

2. Assess network based security policies

This is especially relevant for companies who encourage the use of BYOD and don’t offer other devices. Setting these policies up can be difficult and time consuming, but it is an effective way of regulating consumer behaviours and enforcing some hard limits.

Often the issue with BYOD is that there is no limit defined, so building from the bottom up will allow you to gain an understanding of current usage, expectations, and develop a framework to cater these to the organisation’s security benefit.

3. Manage risk across multiple device platforms

Mobility trends encompass smart phones, tablets, PCs, laptops and the next generation of wearable computing devices, including items like the Jawbone UP system. This then becomes a multi-platform environment.

When your employees are reading emails on a smart phone, updating documents on a tablet, and downloading information on a laptop, there is inherent risk. For CIOs, managing risk becomes so much more difficult because each platform is different, and so each platform needs a tailored policy. Investigating and investing in a security policy that addresses all known device platforms will dramatically reduce risk and secure organisational information.

4. Controlling data on the cloud – centrally managing user accounts

Because the cloud is an essential storage device, you need to understand how to control the data you are storing. When you have multiple users in multiple locations moving in and out of your cloud, there is an increased likelihood that something could go wrong. You need to control the way your users can use the cloud, and what they can access. Your cloud service provider should allow you to manage user accounts, create shared folders to enhance collaboration, restrict access based on managerial level, and other tailored solutions to ensure a secure space when dealing with a mobile workforce.

5. Develop a policy plan and take control

The development of a security policy should be organic. After running through steps one through four – define, assess, manage and control – you should already understand what you need in your organisation’s policy.

Your policy should aim to minimise the use of rogue cloud usage by employees, ultimately reducing the likelihood of unfriendly events such as data leakage, malware outbreaks, or hacker theft. To be sure nothing slips through the cracks, develop a list of your top ten concerns, and then make sure these are addressed in your policy.

Some questions you might like to consider include: do we have an existing policy we need to adapt? Where is our data going to be stored? Does the service provider have any ownership of your data? What is the financial credibility of the provider? If things go wrong, what is our exit strategy?

Original Publication