How to manage the unmanageable – security in the mobile era
Like so many of you, I too could be called a hybrid employee.
At work, my main tool is my laptop. I carry it around wherever I go and use it when there is a wireless network available. When I’m on the go – which is quite often – I mainly rely on the mobile network and my rather large mobile phone (no tablets, please). Some of the data I need for work is in the cloud, but not all. When it comes to leisure time, you could say I’m almost 100% cloud-reliant.
We are living in a hybrid era where remote work is business as usual. For example, in Finland roughly every fourth employee works outside the office. This means that hybrid workers like me are among the biggest headaches for the CISO: according to the annual Cyber Security Intelligence Index report from IBM, almost 25% of cyber security issues come from inadvertent actors. That is, a high proportion of attacks exploit people who become culprits without knowing it.
This is a hard fact. Nobody wants to be the one to blame for a breach that could jeopardize the continuity of the organisation’s business. To manage mobile employees you need to keep the basic information and tools available but still secure the critical items.
There are three main challenges you have to address:
1. Infrastructure and access
Projects tend to happen 24/7 and ASAP is the standard deadline. To make your business thrive it’s essential that information and software are accessible everywhere, all the time.
Thanks to hybrid cloud systems you can define which core data can be accessed easily and which needs a VPN or additional authentication. Even though every organisation’s core tasks are heavily secured, a VPN shouldn’t be the way your remote workers access the basic tools. A lot of day-to-day data and software must be reachable easily from multiple platforms and devices.
It isn’t always straightforward to know which data falls into which category, but it surely pays off to analyse your business assets thoroughly.
2. Human behaviour
There is no other way of putting it: when you think about security you must turn your gaze to your staff. In addition to accidental culprits there are also the malicious insiders, who according to the Cyber Security Index account for over 30% of attackers.
But mainly it’s about the way regular everyday work is done. If protection means cumbersome and recurring authentication for every piece of software, people tend to withdraw from the action altogether. And like it or not, we also make mistakes.
That’s why security must be made easy and simple. You must understand digital interaction and promote easy-to-use interfaces that are also secure.
3. Visibility and analytics
To make security happen in the mobile era, you need a first-class Managed Security Services Provider. You must know where your data resides and who has access to it. Your MSSP needs to provide you with real-time information on your network traffic.
We launched Tieto Security Services to provide every CIO with the tools they need to make accurate decisions. They give a bird’s-eye view of the traffic in their organisation’s network.
Tieto Security Wall's dashboard gives the CIO a bird's-eye view of security.
Only when you see what goes on in your network are you able to identify patterns. When we understand what constitutes normal usage we can highlight anomalies, such as unexpected actions at unusual times.
Mobile security in the hybrid world is no longer hard. To learn how to enable your employees, please see our white paper.