Establishing Digital Trust: Don't Sacrifice Security for Convenience
Cisco recently announced the results of its nationwide Securing the Mobile Workforce survey, which finds that while organizations are increasingly using laptops, smartphones, and VPNs to increase employee productivity, they remain unprepared to allow their employees to telework effectively in the case of a natural disaster or other disruption.
The survey, which was commissioned by Cisco and conducted by InsightExpress, was based on interviews with 502 IT decision-makers, from U.S. businesses of all sizes (from 20 employees to more than 10,000) and across five key verticals: health care, retail, finance, government, and education.
Fred Kost, Ciscos director of security solutions marketing, says the objective of the survey was simple. With more and more mobile devices coming into enterprises, and that really changing the workspace, we just wanted to try and understand what people are doing to enable a remote workforce, he says.
Among the findings, Kost says, one thing that jumped out was the fact that only 15 percent of respondents named security concerns as a key issue preventing them from further enabling remote workers--38 percent simply said their business requirements dont necessitate it.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
At a basic level, Kost says, that indicates a lack of planning for disruptions: 53 percent of respondents said that less than half of their employees are set up to work remotely, and 21 percent said they have no employees enabled to work remotely at all.
Only 22 percent said their current remote access solutions put their companies in a good position in terms of disaster preparedness and business continuity.
The point is that while companies appear to see teleworking as good for productivity, they dont understand the need for disaster preparedness: 71 percent of survey respondents said employee productivity was a key driver for enabling remote access.
Still, there are differences between verticals: businesses in health care and finance are generally better prepared for disasters than others.
And while the cost of enabling teleworkers could range from tens of dollars per employee to several hundred or more, Kost says, whats the cost of not taking a customer order, not answering a customer phone call, or losing that customer? Theres some real business cost if your business is disrupted because your employees cant get to the office and cant do their work--and theres lots of reasons that can happen: it could be transit-related issues, it could be weather, it could be a natural disaster.
The survey also exposed a key shift in telework practices: while 63 percent of respondents use laptops for remote access, fully 43 percent use smartphones. Organizations are seeing a lot more smartphone devices being used to enable some sort of remote connectivity back to the business, Kost says.
That development, Kost says, presents some challenges for those tasked with ensuring enterprise security. Were seeing some new devices coming into the environment now the iPhones coming to work, or the Androids coming to work, and theyre figuring out how to get it on the corporate network, he says.
While a laptop can easily conform to a companys security requirements, Kost says, in comes your smartphone, and it may not even have the ability to put that same security footprint on it What do I do differently to make sure that device getting on my network is secure?
Looking forward, Kost says, that has to be a key focus for the industry. Theres some work we have to do to rethink how we do security for those kinds of devices--because I may not be able to have a traditional security footprint on my smartphone device, yet it has IP connectivity, and it can get to the network, he says.
Whatever the answer might be, Kost says, its going to require flexibility on the part of the businesses managing those devices. Smartphone security is an area where I know weve got more work to do, but its an area where organizations are definitely seeing the challenge--and the challenge is to rethink some of the ways weve approached security, he says.
Jeff Goldman is a veteran technology journalist and frequent contributor to eSecurityPlanet. He is based in Southern California.