Posts Tagged ‘Ayodele Soleye’

The quest for a portable office – are all mobile devices safe for work?

June 22, 2010

“Free as a bird, is the next best thing to be,” sang the Beatles. This is what modern workers want more and more: they want to be able to work while commuting, on a business trip and at home, even in the middle of the night or at weekends.

Naturally, the need for greater out-of-hours and out-of-office accessibility to work resources has grown with the development of new, smaller and lighter devices that are constantly coming out and gaining ground in the market.

With the choice getting wider by the day, professionals, who are getting more and more tech-savvy, want to be able to have their say when it comes to choosing their mobile devices. They want to be free to use what they like and are used to, for example their own mini Netbook or smart phone, rather than being forced to use machines approved by the IT department, often heavier and less discreet.

Some organisations have considered setting a budget for hardware expenses and allowing each individual to choose their own machine. Although arguably democratic, this move can turn out to be a disaster for two main reasons: firstly, the organisation would need to provide widely skilled, up-to-date support to cover all of the machines; secondly, and most importantly, the trendiest and newest gadgets often present the most risks concerning security.

While iPads and iPhones may appear more attractive than laptops, Blackberry and other handheld mobiles, it is not by chance that they are not popular in the workplace: they are not suited for remote VDI access and lack security lockdown features. Many smartphones were not originally designed for business or corporate use, therefore do not support data encryption. In addition to this, because of their novelty they may be more vulnerable to viruses and hacking. Let’s keep in mind that trendy devices are more eye-catching and at a higher risk of being stolen. If the device is not effectively password-protected and its data encrypted, then the thief will have full access to the crown jewels.

Another risk linked to mobile devices is that the smallest, lightest ones have less storage capacity, therefore users end up transferring and storing data through the use of external devices such as memory sticks, and sometimes other unconventional tools which allow data storage, such as digital cameras memory cards or mp3 players, perhaps to conceal sensitive information. While small devices like memory sticks are easy to lose, the unconventional ones do not provide adequate levels of data protection.

Even with the new Data Protection regulations which came out this year, forcing private companies to declare breaches to the Information Commissioner who is free to make them public, and facing breachers with fines up to £500,000, it still seems that many organisations do not fully understand the need to enhance their security measures. A survey conducted by ICD Research in association with CBR found that organisations are planning to spend 42% more on mobility this year, whilst 36% will spend the same budget as the previous year. However, surprisingly, 61% are planning to spend the same amount of money on security as the year before, and only 28% are going to increase spending in that area. From this data, it appears that although organisations recognise the need for mobile devices and to embrace mobility, they do not completely realise the importance of security, which becomes even more crucial when work is taken outside the office doors.

To be effective, security must work in layers, and protect access equally from the outside and from the inside. Apart from passwords and physical barriers to impede external access, it is important to update antivirus software regularly, especially on the more modern devices, which are typically more vulnerable to bugs and attack by hackers.

It is important as well to allow data to self-protect, in case the previous measures fail to be effective or in the not uncommon case of human error. Only recently, the news came that a police officer emailed some 100,000 criminal records to a journalist by mistake, due to the auto-complete function in his email account. Although human error cannot be automatically prevented, there is a way to save the organisation from a breach of data security, and that is to encrypt all documents, even when they are just sent between co-workers. Data is exposed to risks whilst in transit, attached to emails, when the transmission channel is owned by an external provider.

To insure an enhanced level of security, training should be provided to all members of the organisation, as most breaches happen at end point. A security culture must be introduced with mobility to reduce the attendant risks and, most importantly, a loss of reputation for the whole organisation, and not only the employee responsible for the breach. It is only embracing such measures that mobility, efficiency and security can finally meet.

 

 

Ayodele Soleye, Senior Consultant

Find this article online on Director: http://www.director.co.uk/ONLINE/2010/06_10_ipad_security.html

Tags:, , , , , , , , , , , , , , , , , , , , ,
Posted in Ayodele Soleye, Blackberry, Data Protection, data protection 2010, Data Protection Act, data security, data security awareness, information security, information security awareness, iPad, iPad security, iPhone, iPhone security, IT security, laptop, mini netbooks, mobility, netbooks, security, smartphone security, smartphones, Tablet, tablet computers, Tablet PC, Uncategorized | Leave a Comment »

Cloud computing: how to minimise lock-in risks

June 10, 2010

Choosing more than one supplier is necessary until a time when cloud computing comes of age.

Virtualising servers, purchasing space in data centres and utilising applications hosted and managed by third parties can have some undeniable advantages: they can increase efficiency, decrease IT-related costs, allow greater mobility and also represent a greener alternative for organisations. But as the popularity of cloud computing grows, so do concerns regarding the unclear implications of the new technologies. If the initial worries were mostly about security of data stored at a provider, now an even bigger question is arising: what would happen if an organisation wanted their data back to bring it in-house as they grow, or to transfer it to another provider as part of a merger, or a cheaper and more efficient provider for some of the services (e.g. only email or back-up)? Although it is possible to retrieve and migrate data, it is not an easy and straightforward operation and the costs involved might represent a barrier, causing the organisation to be locked-in with the provider – and accept any price and conditions they might decide to impose.

The problem with the newness of cloud computing technologies is that there are yet to be set standards for data formats and APIs to allow interoperability between infrastructures. Cloud computing providers are already working on how to improve portability and reduce latency during data transfers, but only within services and platforms hosted on their own, proprietary infrastructure. Migration to another vendor can instead be a lengthy and expensive procedure – apart from possible end-of-contract penalties, organisations will be charged both for format conversion and for the transfer, including additional charges for bandwidth usage which due to the high latency, might altogether amount to a very large figure. Migration costs can be prohibitive when dealing with a large amount of data, therefore even if it might seem easier and convenient to have only one vendor providing all services, storing the entire organisation’s data within one infrastructure represents a threat which might obstruct growth, structural changes and the search for more cost-efficient and bespoke solutions.

Experts reckon it might be a few years before data and service portability within vendors will be possible, but organisations need not put off a move to the cloud – they just have to apply some smart thinking. The key to avoiding lock-in, it seems, is to not have all the eggs in one basket. The wisest organisations are already using this technique, which sees them cherry-picking various vendors for different services: one provider for email, another for back-up and another couple for applications and VDI. There are a few criteria for choosing, not necessarily based on the cheapest offers: ideal vendors have to first of all provide modular packages, use popular formats for data and services and be transparent on regulations and fees applied to data transfer.

Many benefits can be achieved with this strategy: for instance, organisations can create a bespoke and flexible solution, and choose the best offer for each service. In some cases the overall price could be higher than the cost of a single provider for all services, but if it is lengthy and economically prohibitive to switch vendor, then price is inelastic and can be increased at any time, leaving the organisation no choice but to pay. It is also essential to take into account the risk of a provider going bust: the recent security attacks on Google and the dotcom meltdown have taught us that no company is too big to go out of business.

To avoid data and financial loss, the only solution is to use more than one vendor. It is only through a game of pick and choose that lock-in risks and their consequences can be avoided, while still enjoying the cost-efficiencies made possible by cloud computing.

 

 

Ayodele Soleye, Senior Consultant

This article is featured on Director of Finance Online: http://www.dofonline.co.uk/content/view/4645/152/

Tags:, , , , , , , , , , , , , , , , ,
Posted in Ayodele Soleye, Cloud Computing, cloud computing lock-in, cloud computing lock-in risks, Cloud computing risks, Cloud lock-in, Cloud risks, Lock-in, Lock-in risks, provider lock-in, Uncategorized, vendor lock-in | 3 Comments »

Follow

Get every new post delivered to your Inbox.