Building a Mobile Computing Security Strategy
Part two: Who Needs to Know What
One Size Fits None
These days more organizations than should, are spending more money than necessary, on securing more resources than are practical, from more risks than make sense.
Yes, it is true that:
- Security breaches are on the rise.
- There are laws to obey, standards to uphold, best practices to follow.
- Bad things sometimes do happen to good people.
But it is also true that:
- Statistically speaking it’s not happening as often, or to as many, as you may think.
- From a liability standpoint negligence is not to blame nearly as much as may suspect.
- Legally, there may not be as much that you can do about it as you may hope.
So how much security is enough?
It depends on who you are and what you do, according to an in-depth InfoWorld report  on the subject released in March 2011. If you happen to be the leader of the free world or Agent 007, then by all means deploy everything you can get your hands on. If not, a more practical, “who needs to know what” approach proves to be far more effective. Especially when you take these game-changing realities into account:
- Not all information is sensitive or valuable.
- Not all people have access to sensitive or valuable information.
- Not all information can/should be protected in the same ways.
Here is a quick look at the four basic security risk groups InfoWorld suggests that you consider addressing (when appropriate) in every area of security planning, including your Mobile Security Strategy:
People who deal with routine business information
(Rarely have access to anything personal or sensitive)
- Types of professionals: Truck drivers, graphic designers, restaurateurs etc.
- Types of issues: Lost devices etc.
- Types of solutions: PINS, etc.
People who deal with important business information
(Could cause harm worth preventing, but won’t sink the ship)
- Types of professionals: Mid-level managers, IT professionals, consultants
- Types of issues: Access to somewhat sensitive systems, lost devices
- Types of solutions: Complex passwords. SSL encryption, remote wipe, etc.
People who deal with sensitive business information and technology
(Can cause significant harm)
- Types of professionals: Finance, medical, regulatory, product developers
- Types of issues: Access to somewhat sensitive systems and devices
- Types of solutions: Complex passwords. SSL encryption, remote wipe, access control
People who deal with top secret information and technology
(Can jeopardize lives, or national security)
- Types of professionals: Military, government, spies
- Types of issues: Access to extremely sensitive systems, lost devices
- Types of solutions: Military grade encryption, discreet lockdown control
InfoWorld Deep Dive: Mobile Device Management, March 2011
Register for an event! To see what events are upcoming, please visit our event page here
brightstack® is hiring! To view our job openings, please visit our job center here
A Guide to Building a Relationship with the Right Provider - Part I
The information contained in this two-part guide provides a step-by-step plan to help you build a relationship with the right provider, regardless of whether you are looking to:
- Outsource your IT functions so you can focus time and resources elsewhere;
- Strengthen or refresh your existing IT infrastructure without tying up capital; and/or
- Access specific capabilities without worrying about technological obsolescence
This document focuses on everything you need to know to find the best possible candidate for the job!
Generally speaking, there are three types of providers to choose from based on your specific needs. It is a good idea to take the time now to study the descriptions below so you are certain about who does what. That kind of clarity will serve you well in two ways. First, it will make it easier to hone in on suitable professionals. Plus you’ll have a good grasp of what you can expect from each, which will help you to weigh candidates’ qualifications accurately and fairly.
IT Services providers typically offer:
- A combination of hardware and software for resale
- Services on a time and materials basis
Managed Services providers typically offer:
- IT support as part of a monthly services program contract for a variety of resources, including:
- PC devices and infrastructure
- Help Desks
- Mobile devices and connectivity
- Software and networking
Technology as a Service providers typically offer comprehensive packages encompassing:
- Hardware and software rental
- Managed Services
- Voice and data circuits
Map out the borders of your organization’s and environment’s current and future states. Be as detailed as possible. You want to be as familiar as you can with the terrain and what it will take to navigate it effectively. Be sure to include information about:
- Existing IT resources
- Financial and operational challenges/opportunities
- Preferred/Must have technologies and capabilities
Smackdown in the Clouds: Full-on Implementation or Technology as a Service
But first, a word about terminology:
|When we say:
||A new way people can access remote technology
||A specific kind of new technology
“Cloud-enabled Technology as a Service”
|A new way of delivering our services
||A particular kind of new service
Heads up: Definitions can vary widely. This is how we see things at brightstack® and where this blog is coming from. If you have questions, please call me at [212-812-9446] .
Today’s leading IT analysts often tout the business benefits of technological change. But many IT professionals would beg to differ. Fearing chaos, some flat out resist change, effectively trading progress for predictability. Fearing inertia, others mistake movement for momentum and jump from one thing to the next. Either way, it can be disruptive when fear of change, rather than its promise, is calling the shots. Perhaps it should not be surprising that more than half of the IT decision makers who participated in a recent survey cited fear of change as the number one roadblock to cloud implementation.
Cloud-enabled Technology as a Service
It is not necessary to idle or retire your existing IT network to get the benefit of Cloud-enabled Technology as a Service. Although given that users could use the? Internet to access technology that is physically housed in brightstack®’s data center, retiring it gradually may be worth considering. Reducing the size of your IT footprint can result in significant advantage, financially as well as in terms of sustainability. There is no need to fear a loss of data.