Opinion Piece

Securing Flexible Working

Despite the rising popularity of flexible working initiatives over the last few years, many key decision makers within organisations view it with suspicion rather than as a legitimate business strategy. Unfortunately, these suspicions are often a product of misrepresentation rather than genuine risk. Whilst the virtues of flexible working are often highly visible in successful implementations, in common reportage the wide-ranging benefits for both individual employees and entire organisations are almost always counterbalanced with a superficial shrug at apparent security issues, often proposed to be a problem inherent to flexible working.

To be clear, the attitude that flexible working and robust security are somehow opposed to one another is simply not current. Flexible working is supposed to be a progressive idea; something capable of innovating decades-old working habits. Why, then, are the most common protestations always centred on its incompatibility with antiquated security systems?

Supporting flexible working does not mean engaging in some high-risk balancing act, employee flexibility at one end and data protection at the other; it simply means adapting security measures to meet the new demands that flexibility and mobile working raise. The best security policies are agile and reactive, constantly evolving to overcome new challenges as they arise. Security shouldn’t be regarded as a barrier to flexible working, but rather flexible working should be regarded as an opportunity to improve security.

Inevitable Flexibility

In truth, only the staunchest opponents of flexible working will be able to resist its rise over the next few years and even then only by enforcing draconian user-policies. Countless recent surveys from major analysts all indicate that more and more employees are choosing to adopt various flexible working behaviours without the full consent of their respective IT departments.
For instance, the consumerisation of IT is not a trend that shows any sign of slowing down and a recent survey of IT managers by Cisco found that 51% said the number of employees bringing their own devices to work is on the rise. Similarly, a recent survey of director-level professionals by Forrester found that 41% of respondents said they used an iPhone or an iPad at work. IT consumerisation is being endorsed at high levels in organisations everywhere, and popular demand is beginning to outweigh the reservations of worried IT staff. Mere prevention is looking less and less like a feasible option.

Similarly, legislation now obligates employers to seriously consider flexible working options for employees that request it. The request could stem from anything from excessive travelling to commitments such as those of carers or new mothers. Regardless, organisations will need to ensure these employees can access corporate data, applications and networks remotely, from home or on the move, day or night. Providing such staff with secure access points is vital to ensuring they can remain productive wherever they are working from, but it’s also necessary to consider what corporate data they might be carrying with them, and how best to keep it safe.

Keep it Functional

Just as flatly refusing to acknowledge flexible working disregards the huge range of benefits associated with it, so too can enforcing a poorly devised set of security policies strangle the effectiveness of an attempted implementation. Importantly, employee flexibility is not a uniform currency - every member of staff will have different requirements from corporate systems that all need addressing and, crucially, securing. Of course, formulating individual user policies and security measures for each member of staff would in most cases be an impractically large task. Fortunately, it’s also seldom necessary.
Instead, IT departments would do well to accompany any flexible working plans with detailed user-profiling to reduce individual behaviours and requirements into more manageable categories. By ascertaining which workers need access to specific applications, on which devices and from which locations, IT professionals can establish broad user-types, each with specific permissions and policies that can be managed collectively and centrally.

Reducing a workforce down to these groups not only makes securing access points a much less daunting task, it can also speed the process of any plans to implement virtual desktops – a measure that usually sits alongside and supports flexible working. With a detailed plan of user-profiles, organisations can build and push out virtual desktops to employees anywhere, equipping them with all of the data, applications and access options necessary for them to work effectively. Employees can then access these virtual desktops from a thin client, a secure container on an external device or even a flash drive, providing highly secure access to private networks at no cost to productivity or functionality.

Make it Easy

Even with the most comprehensive security policy in the world, if it is too complex, obtuse or time-consuming for employees to use effectively, chances are they’ll just ignore it. This could mean one of two things: either they’ll stop working on that specific device or from that specific location, or they’ll find a way to get around the restrictions. The former tends to breed discontent and friction between users and IT, and the latter poses more serious risks to security. Instead there must be an intelligent discussion between IT and end-users to establish the best balance between security and functionality.
This doesn’t have to mean simplifying security policies to appease uncooperative or impatient employees, but instead that usage policies must be carefully designed to seriously consider their impact on end user experience, and then clearly communicated to the people they will impact. End-users will tend to behave in the most immediately intuitive and ‘easy’ way, especially if they’re working on a device they partly own. Consequently, IT professionals must be mindful of the employee behind the device they are securing, and the policies in place must be reconciled with the needs and capabilities of the end user negotiating them.

Similarly, ensuring easy recovery from any unprecedented security breaches is obviously one of the best ways to secure your data before problems arise. This is why many organisations opt to keep company data off specific devices with a virtual desktop arrangement. But in the event that an employee is carrying around sensitive information that is then lost or stolen, forward-thinking IT departments will be able to remotely wipe the device as soon as it becomes compromised. Proactive, multi-staged security measures like this ensure flexible working doesn’t come at a cost to security, but rather improves it.

The Mansion House, Benham Valence, Speen, Newbury, Berkshire RG20 8LU
T: +44 (0)844 2250526 F: +44 (0)1635 568001 E: info@2e2.com