How to Secure Corporate Data in Post-Perimeter World
eSecurity Planet (11/12/15) Webber, Chris
With employees increasingly moving to the cloud and taking corporate data with them, the traditional enterprise security perimeter is no longer enough. IT leaders should adopt a new approach to protecting critical information that is focused on identity management and allows IT to follow its users as they move across networks, apps, and devices. To start, IT leaders should find a solid federated identity solution that can extend across all the apps and devices users need, while allowing them the convenience of a single-sign-on solution. Such solutions eliminate the need for users to have multiple accounts and passwords for every app and device, which creates numerous points of weakness attackers can target. Next, critical apps that handle sensitive data should be even more secured, ideally by using multi-factor authentication. Lost or stolen devices are also a serious threat, so whatever identity solution IT selects should ideally include the ability to locate, lock, or erase lost or stolen devices. Finally, it should be easy to both assign and revoke credentials to users. Automating the provisioning and deprovisioning process is ideal, but at the very least there should be a specific individual in charge of tracking users access to apps and removing that access upon the employee’s departure.
Survey: How Wearables and IoT Are Impacting BYOD
ZDNet (11/09/15) Matteson, Scott
A majority of companies now use bring your own device (BYOD) policies in the workplace. These new concepts, ranging from wearables to personal employee-owned phones, have the potential to further influence and change the BYOD trend by making it more complex. A survey from Tech Pro Research found that nearly three-quarters of organizations allow BYOD, with security concerns ranking as the biggest impediment to implementation. IT and educational companies were most likely to permit BYOD and the government was the most likely to prohibit it. Smartphones and tablets were the most common devices. Small companies were the most likely to have included Internet of Things (IoT) devices into their BYOD plans. Interestingly, 78 percent indicated that BYOD policies had no effect on IT costs. Securing these devices remains a sticky issue for many companies, but the improved communication, better organizational capabilities, and enhanced productivity are causing many companies to overlook the negatives and focus on the immediate positives.