Headlines abound as the UK Government looks to promote more agile ways of working to make-up for policy makers prevarications over transport and communication infrastructure upgrades in the run up to the Olympics.
· Headlines ‘Read all about it’ UK tests home working to beat Games gridlock
Political sniping aside the real story here is an unavoidable high impact scenario on the horizon that will drive an accelerated shift in Business operational behaviour for better or worse.
The ‘Better’ is crystal clear to those businesses alert enough to what is going on in the market. In the fifty plus years since there has been an IT industry, Cloud Computing is only the third such shift, centralized and client-server computing being the two previous ones. As happened with the web enablement of legacy applications over the last decade enterprises and vendors will be cloud-enable their legacy IT infrastructures and application consumption in the next. But with Cloud this goes broader and deeper, with Business Process and workforce cultural and behavioural impact.
Could this be the first nudge to UK SME’s and Enterprises, helping them to open their eyes to the potential (and inevitable), strategy shift that unlocks the value of a new business and offers an economically scalable environment for all stakeholders?
The ‘Worse’ is where the unavoidable shift to being ‘Out There’ is going to impact businesses. Corporate assets, employee’s and most critically information or in its simple for DATA.
Corporate environments taking on a virtual extension that goes beyond the physical boundaries of traditional physical, formal places of work. The Corporate office becomes an airport departure lounge, a train or coffee shop. In fact the corporate office is no longer a wholly private domain, which makes a joke of the security of office buildings, when in fact with a bit of patience any budding malfeasant only has to wait for an executive to step out into their ‘Virtual Corporate Environment’ (and very Public) to facilitate a compromise with frightening ease. A compromise that would not necessarily require much imagination – snatch and grab of a mobile device (Notebook PC, SmartPhone or Tablet).
The event horizon of the Olympics means time is short and the inevitable fallout, business exposures are going to be high at a time of delicate economic recovery for many.
Let me put that past you again ….. Business exposures ARE going to be high.
Corporate assets can be tracked and tagged; it is hard for a computer or phone to go missing without it being immediately flagged up. The increasingly tethered nature of our working means we are also inextricably evolving to an ‘always on, always available’ state of existence. An existence that allows employees to still be ‘Virtually’ in the office in an available and collaborative sense of ‘being in’.
But DATA is another story, it is ethereal and more of it is out in the public domain out with corporate policy or compliance than even the companies themselves know. A recent survey by Document Lifecycle Management Specialist firm Litéra Corp, Mobile Device Users Survey, makes the size of this issue frighteningly clear. Quote:
“96% of business professionals polled are using mobile devices to store, access and send sensitive material, and the majority are doing so without e-mail encryption or metadata removal, thus posing significant security risks to their organizations.”
Data is where the rest of the corporate asset security risk management starts to pale into insignificance when placed alongside the nuclear grade fallout a data breach can have on a company.
Data or Information is the hidden intangible asset on the corporate balance sheet, the Achilles heel in corporate security and risk management.
Information is the life blood of EVERY business today, irrespective of type, and if you don’t think so then I would class that attitude as negligent. All business are subject to loss of consumer confidence and declining reputation and these always impact the bottom line, data breaches are the equivalent of corporate dirty washing in public or publishing corporate secrets for your competition to see.
“There is now enough evidence to prove that security is a business risk which must be accounted for in every organization’s enterprise risk management plan.” Experian Report – How Data Breaches Impact Bottom Lines.
Information and data security may be well understood but as all the evidence attests, with public notices abound of high profile data breaches from Military, Government and Corporates, it is largely poorly managed.
The sad truth is there is NO EXCUSE for poor data management. If business would apply tried and tested solutions, form experienced vendors, experience that is freely available and willingly shared. Many such solutions already baked into product companies already own, all they have to do is enable it! And where there is a cost, a business only has to evaluate the alternatives of not making that investment.
So why do so many business go skydiving without a parachute! Dramatic, yes, inaccurate NO.
If a 2011 survey from Experian is anything to go by 82% of organizations have a data breach involving sensitive or confidential customer information, on average, 2.7 breaches in the past 2 years. 76% had a significant or moderate impact on reputation, and that is assuming they are even aware of it!
So what can a business do?
A. A good defence is an Offence.
B. Have a data breach procedure in place.
Applicable to any organisation keep it in context, start by reviewing the PCI Compliance Guide at:
http://www.pcicomplianceguide.org/databreach/databreachguide.html
It’s not fully proof, but it’s better than many of your will probably have right now!
Nigel Gibbons ~ Welcomes you 
Posted on April 11, 2012
0