The digitization of business process and personal practice is having a profound impact on productivity at work and in daily life. But our growing reliance on cloud-enabled mobile collaboration exacts a price in the form of increased IT security risk. What is the source of this risk? For many, the ‘who’, ‘when’, ‘where’ and the ‘what’ of threat vectors remains a mystery wrapped inside an enigma. Volume 3 of the InsightaaS Viewpoint document series, Collabmobilicloud: The Security Continuum, looks to address this knowledge gap by examining the evolving threat landscape, integrated approaches to managing security and the potential for transforming security from risk mitigation to competitive business advantage.
The Security Continuum begins with the proposition that new workforce flexibility and the technologies that power it have produced a blending of work and daily life that has not been seen since the ‘putting out system’ of pre-industrial Europe engaged craft workers in a mass household assembly line. But unlike pre-industrial times, in the Collabmobilicloud era, the blending of home and work location has extended to ‘anywhere’ including the virtual world as the modern worker takes advantage of multiple cloud and mobile technologies to access data, applications and colleagues whenever it is convenient. This extension of collaboration possibilities is outlined in the first section of the document through a fictionalized account – “A Day in the Life” – of 24 hours in the life of Roman, a “mobile warrior” who makes extensive use of IT tools to negotiate the demands of both personal and professional life. But with each use of technology, the potential security risk is highlighted. Many readers will identify with Roman’s use of a borrowed USB stick or café hot spot for information sharing, the log on to SaaS apps with insecure passwords or to corporate systems by outside contractors (HVAC as in the case of the massive Target breech), exposure to outside attack via phishing scams, etc. and their associated perils; less familiar may be the risks associated with the trend towards company SSL/TLS encryption of all traffic or targeted attacks on industrial systems or even electronic vehicles. For purposes of illustration, Roman experiences multiple risk scenarios over the course of a day and likely more than most individuals would encounter in this period, however, each represents a familiar threat or risk behaviour that on its own could result in the inevitable – data breech at Roman’s place of work. In other words, in the Collabmobilicloud world, it’s very difficult to isolate – and hence prepare for – a specific cause of breech
In the second section of The Security Continuum, efforts that are now underway to manage this conflation of Collabmobilicloud threats are discussed. The overall goal is a shift in thinking from the containment of an attack to prevention, a strategy that entails the application of tactics that will deliver protection across all points of vulnerability within the organization. For example, the white paper outlines an approach developed by Dell global mobile solutions director Ben Schreiner designed to provide protection from client to cloud based on three considerations: how to secure access, applications and data. In his schema, Schreiner has also taken into account the ways mobility is delivered (via devices, solutions to delivery virtual workspaces, browsers, image containers, application containers), layering this matrix of security imperatives and delivery methods across a continuum of specific actions that can be taken to secure the mobile environment. Specific technologies that can be applied at each stage in the matrix, and the pros of a solutions approach that takes advantage of the synergies between integrated products are also outlined in the paper.
The Security Continuum wraps with discussion of the productivity outcomes associated with a more considered security strategy and a solutions orientation that manages to close gaps between different areas requiring protection. These gaps are a key source of vulnerability, which continue to be exploited at an increasingly alarming rate – as the document’s visualization of the growing frequency and impact of data breaches attests. On a personal level – and as Roman’s experience shows – the productivity benefits of better protection are clear. But this Viewpoint document also addresses the benefits at an enterprise or company level. The rising value or cost of security breaches, as well as non-financial losses such as the blow to corporate image, trust and the ability to do business with partners and customers have been quantified by various research organizations and referenced in the paper.
Ultimately, an evolving threat landscape, populated by large numbers of sophisticated human and machine attackers, combined with use of cloud and mobile technologies that ironically introduce new risk along with new levels of productivity, mean that organizations will need as a first step to rethink security. Fortunately, as The Security Continuum concludes, “a second step is also at hand – the ability to apply and connect security solutions across Collabmobilicloud to avoid financial, operational and reputational loss, and transition absence of risk to new competitive advantage.”