Trust and security of remote workers
- Article 31 of 33
- SC Magazine, December 2012
Significant numbers of people admit to regularly taking risks with potentially sensitive data at work that could lead to data breaches. By Rob Buckley
Page 1 | Page 2 | All 2 Pages
Nevertheless, both trends still have problems, particularly for security. As the survey showed, employees are likely to want to use insecure services such as Dropbox for accessing data at home or on their phone, which could potentially lead to data loses.
They aren't going to want to use their smartphone for work if they can't use their own apps, such as Facebook, because the company doesn't like it or regards it as a security risk. They're even less likely to want to have their phone or home computer wiped completely when they leave the company.
Andy Lucas pointed out that in the US, contracts requiring employees to submit to such wiping are being challenged in the courts: "Are employees really positioned to give consent to such contracts?" While there hasn't been a challenge in the UK, relying simply on employment contracts may not be enough.
At the very least, says Lucas, in combination with contracts, there needs to be training for employees in how to be secure. But companies also need to consider whether they're applying new standards to an old phenomenon. "Employees have been taking customer lists since the industry began. The key issue is enforcement. Cast iron contracts help, but it's also partially behaviour. People going on gardening leave for six months after they leave a company is partly about getting them to forget things."
But panellists were agreed that largely the solution to the security risks presented by BYOD was to focus on the data and securing that, rather than the devices or endpoints. Encryption in particular was seen as the best way to safeguard against data loss, since even if data is transferred insecurely by email or Dropbox, if it's encrypted, no one else can use.
"Companies want to take over security for devices but that can cause issues," said Check Point major accounts director Caroline Ikomi. "But it's easy to take control of data."
However, while Peter Warren wanted to know why encryption wasn't legally mandated for all devices - although he suggested that at most security conferences, the only people attending who were against legally mandated encryption were from governments - both Martin Pickford and Caroline Ikomi pointed out the problem with encryption is key management.
"It's a pain and an overhead," said Pickford. Advances in key management usability might well be the solution to broader adoption of encryption within organisations. Indeed, if there was one thing the panellists could agree one, there are no easy answers to the issue of trust, at least not yet. "Trust is probably going to be the big fundamental argument we get for the first 20 years of this century," suggested Peter Warren.
Page 1 | Page 2 | All 2 Pages