IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Thu, 1st Jul 2010
FYI, this story is more than a year old

Mobility, cloud computing and web 2.0 technologies have had a major impact on the way we do business. Organisations have experienced significant benefits from leveraging these new and powerful tools but, as with all technologies, there are vulnerabilities and risks which can result in loss or harm to an organisation’s information and reputation. Therefore it’s vital to understand the risks new technologies create and what you can do to mitigate them. Mobility Today it’s commonplace for employees to access sensitive information from home, cafés or other public places through wi-fi networks. With the popularity of iPhones, iPads and Android phones, staff are more likely to bring their personal devices to work and access the corporate network. This rapid uptake of mobility, the infiltration of consumer technologies into the organisation, and the changing nature of the workplace mean we need to seriously consider information and infrastructure security. To protect company information, unified data protection policies should be enforced across network, storage and endpoints. This can be done by implementing ‘define once, enforce everywhere’ policy management; automatically quarantining sensitive information and enabling policy-based encryption; inspecting all network communications and holding confidential data; as well as blocking the unauthorised release of information from network endpoints. Organisations should also consider implementing network compliance technology that will help keep infected devices out of the network (and disinfect them before rejoining the network). Cloud computing Cloud computing and digital devices are exciting technologies propelling our industry forward and evolving the information economy. Almost every enterprise has the opportunity to make savings and gain efficiency by moving some of its IT services delivery to a cloud computing model. However, with cloud computing, information will live in more places than ever before and be accessed by many different devices. Therefore, two security priorities are paramount: the authentication and identity of users and the protection of information assets. In addition, effective execution of cloud technology – and measurement of its true impact – requires policy (governance and regulatory), planning, process and education. These best practices will assist companies in planning and rolling out cloud technology while considering their security and policy needs:

  • Identify impacts and limitations of cloud computing.
  • Describe how and by how much cloud technology will save the business.
  • Raise the need within the organisation for cloud computing technology.
  • Identify regulatory and governance requirements.
  • Modify and adapt IT architecture to work with cloud services.
  • Ensure adequate protection of data stored in the cloud.
  • Develop a contingency plan for cloud enabled services.
Web 2.0 technologies Organisations have taken up web 2.0 technologies, including the likes of Twitter and Facebook, with great enthusiasm. However, cybercriminals have also been quick to leverage these technologies for their own profit through methods such as hacking and phishing. Organisations should make their staff aware of the following tips regarding social media:
  • Sharing passwords is never safe ? even with friends or family.
  • Photos, videos and comments posted on the web last forever. Don’t put things online that you wouldn’t want to be public.
  • Never post personally identifiable information, eg: phone numbers and birth dates.
  • Ignore links from ‘friends’ with titles aimed to tempt like, ‘Top Bikini Bodies of the Year.’ Treat these links as suspicious.
  • Ignore requests from ‘friends’ you don’t know.
  • Stay informed of social networking privacy settings, as these can change often.
  • Use software that will scan for malware and inappropriate web content.
 Companies need to read and understand social network privacy policies, be aware of traditional social engineering attacks aimed at their employees, and keep their operating systems, applications and security software up to date. Remember: security best practices are guidelines, so each organisation must find what works best for it. However, it is essential that businesses ensure security awareness and education are regularly discussed, maintain an in-depth security policy with multiple and mutual supportive technologies, and exercise caution with plenty of common sense.