Employees are increasingly using consumer-focused websites and applications such as Twitter, Facebook and LinkedIn for work-related tasks, blurring the boundaries between business data and personal information. What's more, they are increasingly using their personal PCs, laptops, tablets and smartphones for work purposes.
We believe that about half of UK employees use mobile devices, such as personal laptops or smartphones, for work purposes, with less than that forbidden to do so by corporate policies. Many have told us they have no formal process for applying security to their mobile devices.
So it's no surprise that we're seeing concerns about mobile device security, especially when they're connected to the network. More organisations are asking us how they should go about enforcing security and ensuring their employees comply with security policies, irrespective of the device or app they are using.
In my view this is a real opportunity for VARs. The message is actually simple. If employees are starting to take control of the devices and apps they use for work, why not empower them and involve them in the security process, instead of blocking specific applications and devices altogether?
Users should bear some responsibility for securing their personal devices and web app use, especially as many personal smartphones, tablets and laptops can be secured easily by downloading an app and upgrading remote access software at the corporate gateway.
This makes it straightforward to provision and manage security for a variety of devices and platforms.
Adding a human dimension to security and treating users as a core part of the process rather than just as the source of the security issue strengthens security and makes the whole process more manageable.
Most data leakage incidents occur via email, when someone sends confidential data to the wrong person or attaches the wrong file. In my view, effective data loss prevention should incorporate the ability to inspect email content and alert the user if any sensitive material is detected, asking the user to confirm whether they intended to send this specific file to this specific recipient.
This can prevent users from sending files in error. Inadvertent leaks can be prevented, while also building a log of user activity with a combination of software intelligence and user input.
These types of offering can also be cost-effective and quick to deploy.
With web 2.0, your customers can offer employees access to certain applications, provided they give their reasons and have a legitimate need to visit the related websites.
For example, workers from the human resources department may be allowed to visit sites such as LinkedIn and Facebook when reviewing applicant profiles. Marketing departments may be permitted to visit sites such as YouTube or Vimeo to watch, say, corporate or professional videos.
And organisations that communicate their corporate security policies more clearly may also achieve a higher, more effective level of compliance with these policies, and therefore protection.
Terry Greer-King is UK country manager at Check Point
Businesses also admit to holding data without permission of subjects
Zedsphere says end-point security vendor's offerings will be a 'key' feature of its wider portfolio
New acquisition will bring UK cloud service provider's global headcount to over 700
Law firm claims that Oracle lied to investors over what is driving its cloud revenue growth and boosted sales through 'threats and extortive tactics'