We received some good news this week…
Clearswift has been shortlisted for two SC Magazine awards!
In the ‘Best Content Security’ category, our SECURE Web and Email Gateway is one of six products on the shortlist, whilst Clearswift’s Chief Executive Richard Turner is one of just three people to be shortlisted for SC Magazine’s ‘CEO of the Year’.
The awards are Europe-wide and the winners will be announced during a ceremony which takes place at the Park Lane Hilton on the 19th April. Watch this space.
As well as Mobile World Congress, last week also saw one of the key events for the IT security industry – the annual RSA Conference in San Francisco, which several members of the Clearswift team attended.
Rising to the surface this year were two closely connected issues: One, as Mike Vizard at ITBusinessEdge describes it, is the need organizations have to better “balance threats against the actual risks they may face,” as opposed to the typical style of constantly warning people against the worse possible scenario only for it not to happen and people to then feel security is simply crying wolf (or as Mike puts it, playing Chicken Little).
The second, as Andrew Hickey at CRN.com outlines based on some Cisco insights, is that the entire information security ecosystem needs to be rethought in the face of exploding end user device adoption and new applications that enable new forms of communications.
Taken together, these sentiments echo strongly the main findings from the research that Clearswift has conducted in the last few months, and the pain points expressed in several of the meetings we had at the conference in San Francisco this year.
For instance, we know from our Work-Life Web research that we first conducted last year that 65% of managers surveyed say their company’s policy allows or encourages Web 2.0 use by employees, but simultaneously 61% of employers name security as their greatest concern surrounding new web collaboration tools and social media.
We’re planning to refresh this research soon, and it will be interesting to see how things might have changed since last year and how right some of these big industry agenda issues are. It does seem, though, that the industry is indeed grappling with trying to balance these new threats, determine just how much of a risk they pose, and protect information without stifling business development.
Last week saw a large chunk of the world’s technology community descend upon Barcelona for Mobile World Congress. This year much of the focus has been on the impact of mobile computing.
In our personal lives, many people are using the internet and social media sites on mobile devices, and many businesses are also adapting their working practices to incorporate new technology whether it’s iPads, laptops, tablets, Blackberries or other portable devices.
For the user, such devices are normally seen as good news: portability and, better usability just two reasons why. But unsurprisingly, CIOs may have a different opinion as data protection becomes a greater challenge. A 2010 study by Cisco found that 45% of IT professionals were unprepared or struggling to implement mobile workforce systems and 57% rated security as the biggest challenge to enabling remote working.
Our recent Security Awareness research highlighted this trend of ‘IT freestyling’ – where office workers use a range of technologies, both personal and business, to do their jobs. The appropriate and inappropriate use of technology is ever-shifting and essentially unclear to many employees according to our research. But what is clear is that the ever-more complex IT landscape that is created by the evolution of mobile devices highlights the need for businesses to re-examine their data and information security approach. By bringing IT security out of the shadows and educating employees on the risks and the protection in place it is possible to control data through the correct channels, even in an increasingly mobile world.
Research was released this week by the Ponemon Institute, an independent research company that looks at privacy, data protection and information security policy. It evaluated the costs associated with an organisation’s compliance efforts, revealing some staggering statistics. For example, it found that the average cost of achieving compliance was found to be more than £2million. A lot of money you might think. But that’s until you read on to discover that the cost of non-compliance is approaching £6million. The study also found that the main drivers for investment in compliance were data protection laws, the European Union Privacy Directive as well as to address external compliance.
There’s no doubt that compliance does incur costs and there is an initial capital outlay to secure a company’s information boundaries, however this type of research is a stark reminder that companies need to look beyond cost and see the true value of their investment. The financial penalties of non-compliance are well known, but to see true value, you must also consider the worth of safeguarding a reputation or customer relationships to name but two important elements.
Good IT security can provide real value to businesses, whether through saving on IT administration costs or enabling more efficient use of time by staff but it can also play an important role in more fundamental and valuable aspects of a corporate operation.
Regulatory enforcement is not going away, the opposite is true as business grapple to understand the ever-evolving legislative landscape regarding data and information protection. However, businesses need to see beyond this as the sole driver information security when there is such value to be gained in other ways from a solid IT security solution.
A recent trend has emerged in IT business – but will it take off? Buy your own computer schemes or BYOC to be precise, do exactly that, they allow employees to buy hardware that is subsidised by the employer. Kraft, Microsoft and Intel are just some of the high profile businesses adopting this new policy. Employees, frustrated with having to use outdated technology at work, are often keen to bring in their own hardware, particularly as they often have more modern equipment, or devices that they have a personal preference for, at home.
Research we conducted last year goes perhaps some way to indicate why the BYOC trend is being seen. It found that many employees expect the same or better IT experience in work than at home (56%).
There’s no doubt that this type of activity by staff will raise eyebrows with more than a few CIOs. However the fact that must be faced is that with the boundaries between work and home life ever more blurred, constantly ‘connected’ employees are demanding better IT experiences and access to the full IT experience they are used to at home, within the workplace.
The level of control employers have when dealing with security in these types of situations can lead to challenges, and ultimately even with strict security in place, people will tend to work round barriers to achieve their aim.
The better approach therefore given today’s IT landscape is to adopt more flexible policies that work with the needs of both the business and its employees to open up technology and allow innovation to flourish.
We’ve all become reliant on email these days. For many it has become a crucial method of communicating, both formally and for a quick catch up. However recent comments by Jack Dorsey, chairman and co-founder of Twitter, have challenged the idea that email will continue to be so dominant. In the latest interview, Jack commented that he now rarely uses email and instead prefers instant messaging, with emails being reserved for more formal communications. This opinion was also echoed by Cheryl Sandberg, the chief operating officer of Facebook, who said last year email is probably going to go away.
So why is email losing its appeal? The rise of social networks means we can now be permanently “connected”. We can tweet our location in real-time, update friends on what we are doing or where we’re going, and it’s instant. The technology is also beginning to take down the boundaries between work and home life. Previous research has found that in 2010 there were 2.9 billion email accounts in the world, with social networking sites following closely behind at 2.1 billion accounts. As well as estimates that by 2014 there will be 3.8 billion email accounts and 3.6 billion social network accounts – a clear sign that email will start to be overtaken by the likes of Facebook and Twitter.
So what are the implications for businesses? Some organisations have begun to embrace the cultural shift recognising it as a useful new channel of communication with both colleagues and clients. Others however fear the openness and the possibility of leaks. However one thing is for sure, social networks are here to stay and blocking social media is not a realistic approach. Instead companies need to decide how they might feel comfortable, perhaps by adopting a new approach to their data protection and security as a first step.
Research has been released recently by AddThis – which is installed in more than 7 million domains and reaches more than one billion users a month – who have looked into the sharing trends in 2010.
Following on from our blog post last week, ‘Social media to define 2011’, the research is dominated by several interesting figures such as ‘44% of all shares occurred through Facebook in 2010, up 33% from last year.’ As well as ‘email is 38% bigger than Twitter’.
The results show the ever-changing move towards social media as a key communication tool. And businesses are recognising this as well. Our recent research illustrated a significant mind shift amongst businesses to show that a majority (54%) now feel Web 2.0 and other collaborative technologies are critical to the future success of their company. The benefits of collaborative technologies such as social media can bring many benefits to a business however a new approach to security is needed to ensure that an organisation’s networks are not compromised. At Clearswift, our web and email gateways deal with specific elements of security to enable businesses to take advantage of these channels, i.e. stopping someone distributing a confidential file on Facebook, yet allowing them to still use Facebook to stay in touch with friends.