Bring Your Own Device (BYOD) will continue to be a primary concern for CIOs in 2014. However, CIOs will have to pay attention to a few twists to the BYOD movement, like BYOI, or Bring Your Own Identity. Unfortunately, as Jake O’Donnell pointed out in a Search Consumerization piece, the budget doesn’t necessarily meet the needs for mobile security, and that’s a problem that CIOs will have to work around.
CIOs will also turn more attention to the cloud, not just to determine how to make data in the cloud more secure but to see how the cloud plays a role in covering network security, as Philip Lieberman, CEO & Founder, Lieberman Software, stated, adding:
CIOs will have to reevaluate proposed security as a service being delivered via the cloud considering that hardware and software will no longer need to be purchased for deployment.
These issues are just the tip of the security iceberg. Overall, the primary challenge for CIOs will be to make sure everyone within the company is on board when it comes to security policy. It appears that 2014 will see a real shift in security concerns and in the way security will work. Education for everyone from the CEO down to every employee who has access to the corporate network will be a must.
Here are the top priorities that CIOs will be (or should be) focusing on in 2014.
BYOD has introduced a ton of new software into most companies, according to Michael Angelo, chief security architect at NetIQ. In the past, CIOs have dealt with the obvious questions of support, interoperability, and (to some extent) security — but they have not looked at software licensing issues. What would happen if the software being used in the company had an education, student, developer or personal license? Ultimately, he said, change to policies and procedures in order to mitigate potential software licensing liability will be an emerging issue in 2014.
But Angelo added that software isn’t the only concern in the Bring Your Own movement. CIOs will now need to be prepared for BYOI. He explained:
BYOI comes into play whenever consumers or employees use their own third-party identities (example: Google, LinkedIn, PayPal, etc.) to conduct transactions ranging from accessing business services and sharing data to placing ecommerce orders. The advantage comes from being able to provide a level of business relationship without having to create an account. Ultimately the CIO will need to monitor this, and decide if BYOI would reduce or increase their overhead, workload and liability/risk profile.
According to John Landy, chief security officer at Intralinks, CIOs will eliminate consumer-based file sync and share solutions in the workplace in favor of enterprise-grade alternatives. Employees have become increasingly self-sufficient and in control of their own IT provisioning, thanks to the many tools easily at their fingertips. They regularly use consumer-grade applications in the workplace because these applications are familiar and easy to use. Employees think they are being more efficient by not wasting time turning to IT for help and not wasting time struggling with unfamiliar applications. But Landy pointed out that for the CIO and the IT department, this is a nightmare for security. He said:
Consumer-grade sync and share solutions introduce unnecessary vulnerabilities into secure data exchange processes, as IT no longer has control over who is sharing what information with whom and on what device. Over the year ahead, CIOs will begin to realize that while consumer-based file share and collaboration solutions may be acceptable for sharing information within the corporate firewall, they are not nearly secure enough to facilitate collaboration beyond it.
CIOs will realize that enterprise-grade solutions are available that offer security and control without hindering employee productivity, and they’ll turn to those tools in 2014 to avoid data loss, compliance fines, and other severe consequences associated with negligence in content management.
Our country has experienced serious backlash from information leaks that cast a spotlight on our surveillance policies, and it's clear that our nation must labor to find that balance between its security interests and important civil liberties concerns. CIOs are the stewards of corporate data, and as such, said Robert Butler, chief security officer at IO, they should expect to be pulled into that debate in 2014. They need to stay apprised of how, when and what they are obliged to share with government organizations, as well as when they can and should legitimately hold back data.
Also, he added, the information converted and stored in digital form is subject to the laws of the country in which it is located:
"Where is our data?" will be a question on everyone's lips. The widespread adoption of cloud computing services, as well as object storage, has broken down traditional geopolitical barriers. In response, many countries have issued new regulations that require customer data to be kept within the customer’s country of residence. In 2014, the visibility to maintain compliance will be high on every CIO's wish list.
Cloud-based email was originally billed as a panacea for overworked (and often over budget) IT staff -- an innovative new model that would relieve them from the burden of purchasing their own hardware, maintaining their own systems, and managing their own data. But the price for this hype has all too often been paid at the compliance table, according to Kari Woolf, senior global product marketing manager at Novell, Inc. She said:
The cloud may be suitable for many organizations, but others -- particularly those with strict compliance requirements or data protection directives -- find that on-premise email solutions are the only way to keep sensitive data strictly within their control. While cloud-based email will continue to become more mature and secure over time, many of these organizations (and perhaps some specialized industries at large) will buck the trend.
Woolf said CIOs will turn to on-premise email solutions that offer the low administrative burden promised by the cloud, but more importantly, the on-premise solution will offer the equally critical ability to maintain control of data -- and prove it in audit. As the regulatory vice tightens in industries like health care and financial services, she expects on-premise email solutions that offer a simple, cloud-like user experience and all the benefits of IT control, along with capabilities like archiving, digital signatures and encryption, support for new authentication methods, and stronger security for data synchronized to mobile devices, to gain new footholds.
According to security experts from Alsbridge, millions of dollars have been invested in building out systems of record for ERP, HR, and the like. Millions more have been spent on maintenance, but many of those systems no longer meet the need for agility in the business today. Systems of engagement now have a substantially different value proposition: integrating social and collaboration capabilities with the everyday transactions of the business. These systems are mobile, consumer-centric and often delivered via the cloud. The vast majority of these solutions are also less hardened than their legacy counterparts, and they're typically implemented and maintained via a small ecosystem of partners and third parties.
The legacy environments were known to be highly secure, but now they are being mixed with a more social, interactive, customer-facing environment that is far less secure. The challenge for CIOs is to secure the "bridging" technologies (usually a cloud-based solution) that tie the two environments together in the enterprise.
Source: IT Business Edge