The Adaptive Trust Defence to Network Security

By Justin Chiah, Director and General Manager, South East Asia and Taiwan at Aruba, a Hewlett-Packard Enterprise Company.

The array of connected devices and applications today has put information retrieval in the palm of our hands, blurring the lines between the workplace and social life. This desire to stay connected to everything anywhere, and at all times, is driving the demand for the all-wireless workplace. And this trend is set to continue – Gartner forecasted that 6.4 billion connected ‘things’ (or devices) will be in use worldwide in 2016 alone.

Justin Chiah, Director & GM, SEA & Taiwan, Aruba

While businesses must embrace the inherent productivity and creativity that this trend brings, they also need to ensure that company assets do not suffer as a result. Companies need to be mindful that securing this information needs to extend beyond their own equipment to consider how their use of mobile and social technology might create issues for their organization and potentially introduce new facets of digital risk.

With this tectonic shift from fixed, static wired networks to open, dynamic environments where mobility rules, IT managers are now faced with all new challenges when safeguarding the security of company data and IT systems.

#GenMobile shows indifference to data security

Today’s new and rising mobile generation, what we call #GenMobile, live in a world where they rely on their mobile devices for every aspect of their personal and work related communication. Yet, this generation of mobile users often show indifference to the importance of security procedures and measures.

In a recent study conducted by Aruba Networks, a Hewlett Packet Enterprise company, it was revealed that as many as six out of 10 respondents are happy to let others regularly use their work and personal smartphones, and nearly a third of workers admit to having lost data due to the misuse of a mobile device.

With these figures, it is not surprising that network security is getting increasingly difficult, with room for improvement in the way businesses prepare for the high-risk, security-indifferent mind-set for the #GenMobile workforce.

Can’t beat ‘em? Get one step ahead of ‘em

Organizations now require a new network security strategy. If IT is going to protect the enterprise network and its resources, it must adapt to the way #GenMobile works – starting from inside the perimeter.

To do this, IT must take advantage of known, contextual data that it can leverage and trust – a person’s role inside an organization, the devices and apps they use, and their location – to create policies that fortify network security and adapt to mobility needs.

Organizations should strive to build a secure and operational framework for all workers, rather than stifle them. By adopting the following five-step checklist, organizations can ensure their IT teams are prepared for the risks that #GenMobile workers bring.

Don’t sweat. There’s a game plan

1. A safety code
A basic security policy is an absolute prerequisite for every firm to lay down a description of its core protection controls and its employees’ usage of those technologies. Even for a small firm of just two employees, formalizing an approach to information security is crucial. Such a policy should cover roles, devices, locations and other contextual attributes.

2. Administrative guidelines
Organizations should implement enforcement rules that extend from applications to devices to the network. Such an approach should integrate services across MDM, firewalls, IPS and policy engines to deliver common policy enforcement for all sensitive information.

3. Goal-orientated objectives
IT must measure and monitor user behaviour to ensure that security policies are mapped to business objectives. This will ensure that policies achieve the result of securing corporate information and systems without impacting usability and employee productivity.

4. Adequate training
Even the most well thought through security frameworks will fail without the requisite employee training. This should not only include a needs-assessment by employee type, but should also educate employees on why such actions are important and how they can assist in improving corporate security.

5. Feedback loop
Finally, ensure that IT has a mechanism for employee feedback and a service level agreement in place for how to respond to employee input and requests. Often times IT is able to improve the effectiveness of automated workflows and security policies simply by listening to employee feedback.

#GenMobile is the future of business. In a contemporary, connected world, firms that stick to their old business models and fail to adapt to #GenMobile will struggle against their more flexible, agile competitors. At the same time, firms will have to minimize the risk of data and information corruption or loss.

Organizations need to take an adaptive trust defence to connectivity and data security. How the business world now adapts to the behaviour of the #GenMobile workforce may be the make or break for long term boom or bust. Embracing #GenMobile’s penchant for openness, innovation, collaboration and some degree of risk is good – but only when an organization can understand and plan for the security risks these behaviours bring with them.