Technological advances in the workplace can represent the proverbial double-edged sword for CIOs tasked with anticipating effective information security policies for their organizations. The spread of mobile devices, the rise of cloud computing and the popularity of social media allow employees to access company information anytime, anywhere, and that decentralized level of access creates many more opportunities for sensitive company information to end up in the wrong hands.
Has your organization created strong information security policies in the areas of mobility, cloud computing and social media to ensure that your private company data stays, well, private? Learn how to establish or update your existing information security policies in this Midmarket CIO Briefing.
This guide is part of SearchCIO-Midmarket.com's Midmarket CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics. For a complete list of topics covered to date, visit the Midmarket CIO Briefings section.
Smartphones have completely wriggled their way into our lives, both business and personal. Pity the CIO who forgets about these powerful and popular tools when it comes to securing and managing his network. For some, smartphones and other mobile devices are the weakest link in their networks, simply due to failure to successfully manage mobile devices.
Focus on two key areas for mobile device management:
- Deployment or the management of updates and other changes to mobile devices.
- Security or the ability to ensure that mobile devices are secure at all times.
Learn more in "Do you know where your smartphones are? Tips to manage mobile devices." Also:
- Mobile data security spans policies, budgets and backups
A proliferation of mobile devices in the enterprise forces CIOs to reassess policies, budgets and backups for mobile data security.
- Mobile security for tablet devices: Recognizing risk
Tablet devices are flooding into the enterprise, disrupting IT support plans and mobile security practices. Find out the business benefits and potential risks tablet devices pose.
IT executives are finding that they need to rethink their information security strategy and regulatory compliance practices as they move to a cloud computing environment in which data and resources are shared beyond their firewalls.
Raytheon Co. has made considerable investments in cybersecurity with traditional methods like intrusion prevention systems and firewalls, but those measures “get wasted” because they aren’t sitting in front of outsourced data and infrastructure in the cloud, said Michael Daly, deputy CISO and director of IT services at Raytheon. “So you are less able to take direct action yourself [in a cloud environment], and we need to figure out how to extend our cybersecurity practices and systems out to that outsourced environment.”
Get more information in "Cloud computing tests information security strategy limits." Also:
- Cloud users need a backup and recovery plan for service failures
Outages at cloud service providers prove that midmarket CIOs need to develop a backup and recovery plan for when the cloud goes down..
- Security issues in cloud computing
While the cloud may be flexible and cost-efficient, a lack of data safeguards and compliance standards makes security the largest hurdle to leap.
Social networks are now a part of everyday life, with thousands of midmarket companies using social media for business reasons. Whether it is to share pictures with your loved ones, to try to edge closer to potential customers or to try to enter into new markets, both individuals and organizations are leaping into social networks without regard for the consequences. But is this social migration a good idea?
Social network providers own all the data they hold. As soon as you place something -- pictures, bios, news items or anything else -- onto a social network, the network provider becomes the owner of the content and can therefore use it however it wants. Removing this information from the social network can be nearly impossible at times.
Learn more in "Using social media for business: Don't risk your confidential data." Also:
- Firms struggle to address social networking security risks, survey finds
Many firms rely on antivirus and antimalware technologies to address social networking risks, according to a survey by the Ponemon Institute.
- A guide to social media risk management strategy
Social media is valuable, but it’s also risky. Here are strategies for corporate social media policy, social network monitoring and risk management to protect sensitive information.
High-profile data breaches have demonstrated that even worldwide enterprises with household names aren’t immune to the loss of sensitive information. One person well aware of this vulnerability is Thomas Logan, who has spent the past decade creating software applications that address Web content compliance risks and accessibility concerns.
SearchCompliance.com recently caught up with Logan to get his thoughts on data security and privacy trends, and how companies can prepare an effective GRC strategy to alleviate compliance risks.
Get more information on data security risks in the full Q&A, "How ignoring data security and privacy leads to compliance risks." Also:
- Sony announces service restoration, enhanced customer data protection
After a cyberattack put Sony's protection of personal information under a microscope, the company has announced increased security measures and enhanced customer data protection.
- Application security best practices help meet compliance objectives
Aligning application security best practices and compliance objectives helps companies comply with industry regulations and standards -- and may help reduce costs in the process.