We received some good news this week…
Clearswift has been shortlisted for two SC Magazine awards!
In the ‘Best Content Security’ category, our SECURE Web and Email Gateway is one of six products on the shortlist, whilst Clearswift’s Chief Executive Richard Turner is one of just three people to be shortlisted for SC Magazine’s ‘CEO of the Year’.
The awards are Europe-wide and the winners will be announced during a ceremony which takes place at the Park Lane Hilton on the 19th April. Watch this space.
Our very own Chris Barton (Clearswift Asia Pacific) talks to Sky Business news about workplace privacy.
An interesting case of work-life balance surfaced in Australia recently, as a result of an employee using a work laptop at home. A public servant in Australia, with 25 years of service, was fired after looking at pornography at home and after office hours. Software set up by the IT department of the Commonwealth Department of Resources, Energy and Tourism triggered an alert after the unnamed senior public servant used the search term “knockers.” Called Spector360, the software was configured to take a snapshot of his desktop every 30 seconds, which became the proof that led to his termination. Government lawyers argued in federal court that because the laptop belonged to the department, its policies, which clearly prohibited pornography, applied at home, too.
Obviously this case has generated many problems for the department, including the time and money spent to solve the issue. The ‘policing’ style attitude that was adopted by the department to maintain security is similar to a lot of businesses’ approach to IT security. Surely it would be better to have a policy in place that prevents breaches as they happen or even warns the user that what they are about to do breaches company policy. The outdated ‘stop and block’ style does not work in the long term to educate an employee or department as to why what they are viewing is against company policy. And it appears that a large number of businesses are neglecting to do so: as our recent research showed, a third of those surveyed had not received any training on IT security since joining their firm.
As well as Mobile World Congress, last week also saw one of the key events for the IT security industry – the annual RSA Conference in San Francisco, which several members of the Clearswift team attended.
Rising to the surface this year were two closely connected issues. One, as Mike Vizard at ITBusinessEdge describes it, is the need organizations have to better “balance threats against the actual risks they may face,” as opposed to the typical style of constantly warning people against the worst possible scenario, only for it not to happen and for people to then feel security is simply crying wolf (or as Mike puts it, playing Chicken Little).
The second, as Andrew Hickey at CRN.com outlines based on some Cisco insights, is that the entire information security ecosystem needs to be rethought in the face of exploding end user device adoption and new applications that enable new forms of communications.
Taken together, these sentiments echo strongly the main findings from the research that Clearswift has conducted in the last few months, and the pain points expressed in several of the meetings we had at the conference in San Francisco this year.
For instance, we know from our Work-Life Web research that we first conducted last year that 65% of managers surveyed say their company’s policy allows or encourages Web 2.0 use by employees, but simultaneously 61% of employers name security as their greatest concern surrounding new web collaboration tools and social media.
We’re planning to refresh this research soon, and it will be interesting to see how things might have changed since last year and how right some of these big industry agenda issues are. It does seem, though, that the industry is indeed grappling with trying to balance these new threats, determine just how much of a risk they pose, and protect information without stifling business development.
Last week saw a large chunk of the world’s technology community descend upon Barcelona for Mobile World Congress. This year much of the focus has been on the impact of mobile computing.
In our personal lives, many people are using the internet and social media sites on mobile devices, and many businesses are also adapting their working practices to incorporate new technology whether it’s iPads, laptops, tablets, Blackberries or other portable devices.
For the user, such devices are normally seen as good news: portability and better usability are just two reasons why. But unsurprisingly, CIOs may have a different opinion as data protection becomes a greater challenge. A 2010 study by Cisco found that 45% of IT professionals were unprepared or struggling to implement mobile workforce systems and 57% rated security as the biggest challenge to enabling remote working.
Our recent Security Awareness research highlighted this trend of ‘IT freestyling’ – where office workers use a range of technologies, both personal and business, to do their jobs. The appropriate and inappropriate use of technology is ever-shifting and essentially unclear to many employees according to our research. But what is clear is that the ever-more complex IT landscape that is created by the evolution of mobile devices highlights the need for businesses to re-examine their data and information security approach. By bringing IT security out of the shadows and educating employees on the risks and the protection in place it is possible to control data through the correct channels, even in an increasingly mobile world.
Research was released this week by the Ponemon Institute, an independent research company that looks at privacy, data protection and information security policy. It evaluated the costs associated with an organisation’s compliance efforts, revealing some staggering statistics. For example, it found that the average cost of achieving compliance was more than £2 million. A lot of money, you might think. But that’s until you read on to discover that the cost of non-compliance is approaching £6 million. The study also found that the main drivers for investment in compliance were data protection laws and the European Union Privacy Directive, as well as the need to address external compliance.
There’s no doubt that compliance does incur costs and there is an initial capital outlay to secure a company’s information boundaries; however, this type of research is a stark reminder that companies need to look beyond cost and see the true value of their investment. The financial penalties of non-compliance are well known, but to see true value, you must also consider the worth of safeguarding a reputation or customer relationships, to name but two important elements.
Good IT security can provide real value to businesses, whether through saving on IT administration costs or enabling more efficient use of time by staff, but it can also play an important role in more fundamental and valuable aspects of a corporate operation.
Regulatory enforcement is not going away; the opposite is true as businesses grapple to understand the ever-evolving legislative landscape regarding data and information protection. However, businesses need to see beyond this as the sole driver of information security when there is such value to be gained in other ways from a solid IT security solution.
A recent trend has emerged in IT business – but will it take off? ‘Buy your own computer’ schemes, or BYOC to be precise, do exactly that: they allow employees to buy hardware that is subsidised by the employer. Kraft, Microsoft and Intel are just some of the high-profile businesses adopting this new policy. Employees, frustrated with having to use outdated technology at work, are often keen to bring in their own hardware, particularly as they often have more modern equipment, or devices that they have a personal preference for, at home.
Research we conducted last year perhaps goes some way towards indicating why the BYOC trend is being seen. It found that many employees (56%) expect the same or better IT experience in work than at home.
There’s no doubt that this type of activity by staff will raise eyebrows with more than a few CIOs. However the fact that must be faced is that with the boundaries between work and home life ever more blurred, constantly ‘connected’ employees are demanding better IT experiences and access to the full IT experience they are used to at home, within the workplace.
The level of control employers have when dealing with security in these types of situations can lead to challenges, and ultimately even with strict security in place, people will tend to work round barriers to achieve their aim.
The better approach therefore given today’s IT landscape is to adopt more flexible policies that work with the needs of both the business and its employees to open up technology and allow innovation to flourish.
We’ve all become reliant on email these days. For many it has become a crucial method of communicating, both formally and for a quick catch-up. However, recent comments by Jack Dorsey, chairman and co-founder of Twitter, have challenged the idea that email will continue to be so dominant. In the latest interview, Jack commented that he now rarely uses email and instead prefers instant messaging, with emails being reserved for more formal communications. This opinion was also echoed by Sheryl Sandberg, the chief operating officer of Facebook, who said last year that email is probably going to go away.
So why is email losing its appeal? The rise of social networks means we can now be permanently “connected”. We can tweet our location in real time, update friends on what we are doing or where we’re going, and it’s instant. The technology is also beginning to take down the boundaries between work and home life. Previous research has found that in 2010 there were 2.9 billion email accounts in the world, with social networking sites following closely behind at 2.1 billion accounts. There are also estimates that by 2014 there will be 3.8 billion email accounts and 3.6 billion social network accounts – a clear sign that email will start to be overtaken by the likes of Facebook and Twitter.
So what are the implications for businesses? Some organisations have begun to embrace the cultural shift, recognising it as a useful new channel of communication with both colleagues and clients. Others, however, fear the openness and the possibility of leaks. One thing is for sure, however: social networks are here to stay and blocking social media is not a realistic approach. Instead, companies need to decide how they might feel comfortable, perhaps by adopting a new approach to their data protection and security as a first step.
Research has been released recently by AddThis – which is installed in more than 7 million domains and reaches more than one billion users a month – who have looked into the sharing trends in 2010.
Following on from our blog post last week, ‘Social media to define 2011’, the research is dominated by several interesting figures such as ‘44% of all shares occurred through Facebook in 2010, up 33% from last year’ and ‘email is 38% bigger than Twitter’.
The results show the ever-changing move towards social media as a key communication tool. And businesses are recognising this as well. Our recent research illustrated a significant mind shift amongst businesses, showing that a majority (54%) now feel Web 2.0 and other collaborative technologies are critical to the future success of their company. Collaborative technologies such as social media can bring many benefits to a business; however, a new approach to security is needed to ensure that an organisation’s networks are not compromised. At Clearswift, our web and email gateways deal with specific elements of security to enable businesses to take advantage of these channels, i.e. stopping someone distributing a confidential file on Facebook, yet allowing them to still use Facebook to stay in touch with friends.
As we welcome 2011, the internet and media are awash with predictions and analysis of what the year ahead will bring. An overriding impression from industry experts is that social media can no longer be ignored by enterprises. One of the larger global reports was issued by Ernst and Young at its Annual Information Security conference – showing that we live in a rapidly changing workplace where traditional enterprise boundaries no longer exist. Employees and managers are increasingly driven by flexibility and mobility, greater adoption of cloud computing services, and a growing use of social media and collaboration tools. This further demonstrates that companies cannot afford to dismiss social media as a security risk, when it can in fact be a corporate advantage and opportunity.
This is even more ironic when you consider today’s news that investment bank Goldman Sachs has bought a $450m stake in Facebook – when the bank itself bans its staff from using Facebook at work…wonder if they will change that policy now??