The CIO's Job - Protecting What Matters - Page 1

Sep 17, 2009

James Menendez

IT security is a core business concern. Malware, hackers, sabotage, natural disasters, terrorist actions or accidents could affect an unprotected enterprise at any time. Most CIOs are already implementing security measures such as firewalls, anti-virus and backup services, and conducting business-continuity and disaster-recovery planning.

However, IT's customers rarely have the same view on protection and security. They just want reliable IT systems that are ready whenever they need them. Even if they appreciate the need for security measures, they don’t want to have to remember a stack of passwords or worry about running complex backup procedures. They may also be unaware of security risks, such as the vulnerability introduced by writing down passwords, losing their laptop or cell phone, or opening the door to malware by clicking on links in emails from unknown senders.

At the same time, as customers become more tech-savvy, they are clamoring for access to the latest technologies that can enhance collaboration, mobility and productivity. If these tools are to be introduced and endorsed by the business, you must find a way of integrating them with existing systems and applications so that their benefits can be exploited―without compromising security or the enterprise's assets.

For CIOs, the issue is how to bridge the gap between what end consumers need, want and demand, and how to balance security risk and cost against business benefit. The question is how to achieve your business objectives with security initiatives that reflect the actual value-at-risk, apply appropriate expenditure, and enable more effective management of risk across the enterprise.

Protecting the Enterprise

So, how can a CIO protect the enterprise? First, define a set of assets that receive a prioritized level of protection. In practice, this means, for example, that protecting or duplicating the hardware that supports the ERP system will take precedence over ensuring the availability of individual PCs. Treat the linkages between customers, suppliers and partners, and the information about them, as critical, and implement and embed strict controls into your operations to provide demonstrable protection and peace of mind for these entities.

If mobile and remote workers are allowed to use mobile devices such as laptops or PDAs to access corporate resources or work remotely, they will almost inevitably end up storing confidential and other corporate information on those devices. What happens to the information on the laptop or PDA if they lose it, or if it gets damaged or stolen? Not only does the information need to be duplicated elsewhere, so the worker can access it again at short notice, it must also be protected from unauthorized access should the original device fall into the wrong hands.

Internet-based backup and restore services are ideally suited to mobile working, and a managed data-encryption service can also prevent information from being accessed on lost or stolen equipment. Once the user has authenticated with the service, encryption runs transparently as a background process, automatically protecting valuable data without requiring the user to take additional steps.

Lights On

For all employees, whatever their role, reliable, always-available IT is vital to carrying out their jobs. If there’s a problem, whether it’s their own PC that fails, a corporate application that goes down, or an email server that crashes, the end-result is the same—they can’t get on with their job, and to them, IT has let them down.

Page 1 of 2
