The right information security policies and practices can keep your company's IT network secure, safe from the seemingly infinite number of threats via the Internet. This CIO Briefing offers guidance and support for CIOs on setting policies to address three of the most pressing information security issues of the day: mobile device management, social media risk and cloud computing.
This CIO Briefing is part of the SearchCIO.com CIO Briefing series, which is designed to give IT leaders strategic guidance and advice that addresses the management and decision-making aspects of timely topics. For a complete list of topics covered to date visit the CIO Briefing section.
- Mobile device security policies
- Social media security concerns
- Cloud computing security issues
- More resources
Whether IT departments like it or not, employees are bringing their iPhones and iPads, Android-based devices and BlackBerrys into the enterprise. If you can't beat 'em, join 'em -- the onus is on IT to establish mobile phone security policies to control the proliferation of smart mobile devices.
"Execs are gadget geeks," said Wes Baker, virtualization architect at Jewelry Television Inc. in Knoxville, Tenn. While executives have been after their IT departments for years to provide mobile devices, rogue rank-and-file employees increasingly are transferring work data onto a portable format that frees them from the office, he said.
And who can blame them, when the Internet and its satellites make it possible to tick off to-do lists on the run? Or on the walk to work? Or while walking the dog? "People want to be productive," said James Ainslie, chief technology officer at SMMT Online (Pty) Ltd. in Johannesburg, South Africa. "In today's economic climate, people can't afford to be separated from their information."
Learn more in "Mobile phone security policies give IT some control over the influx." Also:
data security spans policies, budgets and backups
A proliferation of mobile devices in the enterprise forces CIOs to reassess policies, budgets and backups for mobile data security.
device management in the workplace: A guide for CIOs
Mobile devices enable flexibility previously unimaginable in the workplace, but they carry concerns about security and compliance. Learn more in our mobile device management guide.
Boston Medical Center (BMC), a private hospital center affiliated with Boston University, blocks access to all social media websites using security software from Websense Inc. Users who attempt to use such sites as Facebook, YouTube or Twitter are shown a page indicating that their destination is off-limits. Nevertheless, the debate about whether to open up access to such sites or to keep blocking them remains contentious.
In fact, the discussion comes up "practically on a daily basis," said Brad Blake, director of IT at BMC. "As you can imagine, we have a lot of users who want access to these sites, but for a variety of reasons we do not feel comfortable opening them."
If BMC created a Facebook account and asked its patients to be friends, "that would constitute a security breach," Blake said. "Our senior management has felt it easier just to block these sites rather than trying to police and manage them."
Learn more in "CIOs weigh use of social media against security concerns." Also:
and content of social media policies vary widely by industry
Setting social media policies is a tricky and potentially costly process that varies widely based on an industry's regulatory requirements.
social media policies and strategies: A guide for CIOs
Enterprise social media policies and strategies are evolving as organizations recognize the benefits, risks and functions that social networks like Facebook and Twitter provide.
Public cloud computing risks are numerous enough to field a top 10 -- or even more. Professional organizations and CIOs are developing threat lists to help them come to grips with the public cloud, an entity that will continue to seep into the enterprise IT environment whether they like it or not.
Some lists of top public cloud computing risks are sweeping and philosophical, such as the Top Threats to Cloud Computing, v.1.0, developed by the Cloud Security Alliance. Most include some combination of 10 items.
Get the list in "Advice for dealing with the top 10 risks in public cloud computing." Also:
you trust your public cloud provider?
Secure public cloud services aren't a pipe dream; service providers just have to connect some of the dots. How close are we to regulatory compliance in the cloud?
security after a cloud computing implementation
You've just migrated your organization's applications and data in the cloud. Michael Cobb reviews how to work with your cloud provider to ensure ongoing security.
- Resource center: Data security and privacy (SearchCIO.com)
- Resource center: Security and risk management (SearchCIO-Midmarket.com)
- Website: SearchSecurity.com
This was first published in January 2008