While the dust is still settling around the Clinton email scandal, IT professionals are discussing the incident from a compliance and security standpoint. Mike Bell, CIO at Texas Department of Justice, shared an amusing collection of the worst government security “flubs,” highlighting that security needs to be considered at all levels of an organization. The examples show that shadow IT, while potentially risky, is not necessarily conducted by malicious employees, but more likely represents a simple desire to use tools that maximize productivity.
Paul Stokes, CIO at the University of Victoria, shared an article that grounds this issue in the opinions of security practitioners. Among survey respondents, 65% of InfoSec professionals are concerned about executive knowledge of security, and 77% are concerned about BYOD. 29% don’t believe there is enough board oversight of security. Although attention paid to security has certainly risen over the past few years, there are still shortcomings in how organizations prioritize security.
This goes to show that a key aspect of enterprise security falls on the shoulders of the users. Robert Schmidt of the California Department of Agriculture posted a much-needed article on security best practices for employees. Not only do the guidelines cover preventative measures, but they also lay out steps to take in the event of a compromised account. Security teams would be wise to share these tips with employees, as security-conscious users can be a powerful (and inexpensive) line of defense.
Ward Walker, CTO of Air Mobility Command, explained the significance of catering to users’ needs. His comparison of IT with iTunes illustrates the point that with the amount of cloud services easily available to employees, IT must offer a similarly frictionless experience. Convenience is a powerful factor, evidenced by examples ranging from Hillary’s personal email address to a business units using personal file sharing services for work use.
Finally, your own employees aren’t the only ones to worry about. The average company connects with 1,555 businesses through the cloud, 8% of which are high risk. Creative Artist Agency’s Michael Keithley shared our Slideshare on how the cloud economy enables powerful systems of collaboration, but also creates vulnerabilities for companies. For example, attackers entered Target’s system through an HVAC vendor. The connected partner environment further illustrates that security no longer follows the model of the old corporate perimeter.