| |
Culture changes much slower than technology and often with painful repercussions. So it went with the infantry in WWI who charged across open terrain straight into machine gun fire. Today, executives charge unguarded across an insecure digital workspace as part of a corporate culture that does not fully recognize the value of secure communication. If you believe your company does not fit into this category because you already secured your network and data last year, think again! How do you know if you have a sufficient information management and protection strategy? This column will not offer you a short answer, but it can offer you a common sense approach.
First, look at the culture of your information workers. The very tools that we have culturally co-opted into our office toolkit, applications like email, web pages, databases, digital storage devices, spreadsheets, word processors accelerate the production of valuable information while at the same time compromise information security. Most security breaches occur because someone within the organization, either willfully or unintentionally disclosed proprietary information to someone who did not have the permission to view that information. Invest in worker education on issues such as proper use of email, appropriate data backup, and information sharing policies. Let them know that you care about the value of their ideas, because every single one of them can help you.
Second, choose technologies that support a secure workplace. Sending a confidential office document unencrypted and without proper permissions to your workgroup is like attaching a $100 bill with a paper clip to a postcard and passing it around your office. Will it come back to you with the money still attached? Maybe, but would you encourage your employees to put their information at risk by sending insecure, unencrypted, unsigned, and unmanaged documents? Do you store valuable information in a database that does not encrypt data? If so, migrate to a more secure database. If information is already stored securely in a database chances are that you access it through a web page from which it can be copied and pasted into an office document. Do you use a front-end client that does not encrypt data, and lacks permission settings for printing and copying of that data? Do you use a word processor or spreadsheet without a rights management solution? Find a solution that signs and encrypts these documents and web pages, and enables you to set permissions for those who can read the documents, print them, save them, and email them. You may not have realized your office and web documents could do that, but relatively inexpensive technology exists today to protect you.
The biggest security threat is from within, and overcoming it becomes an issue of corporate culture more than technology. How much time and money does your organization spend to create ideas that add value to your clients and shareholders? How much time and money should you spend to protect that value? Think of the cultural and technological changes as an insurance policy for your business. Adopting information security into your corporate culture will be the toughest and most rewarding step you can take. Pause and think about why your IT administrator installed anti-virus and firewall software installed at your office. If viruses infect computers or if a rogue program takes over a server, it will add to the IT administrator’s workload and your legal liability. He or she has quietly put in the necessary steps to save the loss of that valuable time. Should you not do the same, and prevent the loss of your valuable documents? You have an opportunity to learn from those who have failed to do so, by looking at the business section of any paper. You can also ignore this advice and join the ranks of those executives now gracing the pages of cartoons in editorial pages worldwide—no matter what industry and scandal they came from, poor information security is what they all had in common. If you want to become a cartoon, carry on as usual. |
“Combining outsource and local software engineering is the best way I've found to optimize new product development at a reasonable cost when building a new startup.” 
“We were impressed to find a team so technologically advanced and eager to integrate into our development timeline.” 
“International IT Services has treated us with an unmatched integrity of service.” 
“Partnering with IITS strengthens our value proposition, increases our capacity, and reduces time-to-market for new products.”
"I wanted to partner with an organization that I could always count on to scale as I grew." 
"As an IT consulting company we needed a custom application development partner who could deliver on both Microsoft and Java platforms. We finally found one." 
"IITS integrated into our consulting services seamlessly. They helped us win several deals through their high quality .Net development and attractive cost reductions." 
"CanDo Benefits from IITS Flexible Software Test Lab - Flexible QA Lab Provides Software Developers Increased Quality Control" 
"Test automation helped telecom leader shorten time-to-market." 
"We needed a partner who could port and test hundreds of mobile wireless applications, and we selected IITS for their wireless mobile capability and their commitment to quality." 
