Companies carefully craft security policies to protect sensitive enterprise data, intellectual property and financial information.
Security policies will typically cover issues such as password and remote device usage, and the need for updating security protocols as necessary.
In a perfect world, employees would take these guiding principles to heart and carefully abide by all security policies and procedures. Then again, in a perfect world policies wouldn’t be needed, because crime would be nonexistent as would the resulting need to protect this information.
Instead of a perfect world, we are living in a threat-conscious one in which hacking attempts and breaches are daily news items; and those are just the ones that are successful. Other attempts are thwarted before any damage occurs, thanks to companies that enforce good security policies — ones that align with business realities and the need to protect sensitive enterprise data.
Employees present security challenges
There is only one sure thing about employees and security policies: Employees will — intentionally and unintentionally — violate them.
There are a number of reasons why staff violates security policies:
- They don’t understand the risk or think the threats are much less severe than the company says.
- They don’t care about the risk.
- They are rushed and feel abiding by security policies is too time consuming.
- Security policies impede their ability to perform their duties.
- They think IT can stop outside threats and will cover for any security policy violations.
The cloud offers network protection
Using cloud-delivered security solutions is a proven strategy. A May 2010 study by the Aberdeen Group indicated that organizations using cloud-delivered security saw a significant improvement in malware incidents, website compromises, data loss and exposure, security related downtime and audit deficiencies.
By adopting the cloud policies below, a company can ensure that its data is protected:
- Deliver security protocols. This enables the enterprise to control and ensure that security measures like password protocols, firewalls and security patches are current and adhered to, rather than leaving the decision making to sometimes-fickle employees.
- Enable deletion of data from endpoint devices in the event that they are lost or stolen.
- Deliver news items regarding the latest security threats. Keeping employees abreast of security breaches, phishing attempts and trick e-mail ploys will help heighten their awareness about the issue.
- Provide layered authorization. This lets the company control server access depending on who is trying to use it: customers, employees or managers. For example, customers may need to access servers to buy products, while financial managers will need to access the firm’s internal financial data.
- Use the cloud to route all network requests such as email and server access through a centralized, protected connection that stays up-to-date with the latest security protocols. This way any threats are blocked before they get to the network. Once there, they are extremely difficult and expensive to eradicate.
- Deliver new applications to employees and managers via the cloud. This ensures they use business, accounting, word processing and other solutions that include the same updated security protocols used throughout the network.
- Provide social networking solutions via the cloud to leverage the growing popularity of social networking while at the same time ensuring applications adhere to corporate security protocols.
By taking these steps, the company can proactively protect enterprise data from the burgeoning threats from hackers while still fulfilling the needs of its employees, managers, business partners and customers.
By Phil Britt