IT managers and information security will be unable to directly control or adequately protect company data in the coming years. The confluence of cloud computing solutions, mobile technologies and the consumerization of IT is driving major changes in how corporate data is accessed, used and shared.
Instead of trying to fight with this movement and change data management, companies should seek an adjustment to the new scenario in a safe and practical advice to executives.
We need to rethink how to protect the company. We have to stop saying ‘no‘ and try to form a partnership with our community of users to allow safe access of new technologies and social media tools, and the executives. Many of the current rules on safety in undertakings should be discarded. In this new world, we can not control the device.
Company data is increasingly accessed and shared via media that have some amount of direct control, as is the case of personal mobile devices and social networks used by employees and services hosted by cloud providers. With the expanded use of public and private clouds, we do not know where our data resides or will it be accessed.
Models that focus on traditional security perimeter network controls do not work in the new IT environment. Companies must begin to implement controls that can authenticate, authorize and monitor user access through new approaches. Instead of having a firewall just to avoid the entry of malicious code on the network, companies must begin to add controls that can keep critical information protected.
As users begin to access corporate data from mobile terminals and other channels, the security manager must find a way to deal with an avalanche of information related to devices, cloud infrastructure, geo-location data and sensors.
Although many processes need to change some things about the security but the company remains the same.
Governance has not changed much. We still have to maintain the basic cyber security such as patching and installing anti-virus tools. These ingredients are essential and security managers should not ignore such measures. The job security is the same, but now we have an additional layer of complexity.