Last month, I was appointed Vice President and Global Chief Information Security Officer (CISO) at Unisys. In my new role, I will work with functional leaders across Unisys, other vendors, and our partners to develop, enhance, implement, and integrate effective global information security policies, standards, guidelines, and procedures. I will also assist in client presentations, events, and developing service delivery models and client material on matters pertaining to digital security.
This new role brings me even closer to the issues covered in Unisys’s recent consumerization of IT study and has confirmed in my mind that the consumer’s adoption of new mobile technology is a vital, emerging trend worldwide. Enterprises must have a clear vision or plan to manage the colossal change coming their way.
The traditional approach to IT security is built around the notion of perimeter security, in which enterprises use technologies to create a boundary that keeps the bad guys out and good guys in. And now, with the consumerization movement, we need to start with the thought that the bad guys are already inside our networks.
I strongly believe this security concern is only going to get worse, as unimaginable amounts of corporate data finds their way into consumer devices such as external hard drives and thumb drives; social networks such as Facebook and Twitter; and apps like Gmail and other collaboration tools powered by cloud computing. The exciting part of the consumerization movement is that it puts significant power in the hands of the average worker. But that same benefit could also prove awfully dangerous.
So how do we get control over data in the irrepressible technology structures of social networks and mobile devices? End-user education is where we need to start. Our data problem is a people problem. It’s a pretty basic way to address the issue, but I can’t state strongly enough how important it is. In organizations like the Department of Defense or the Department of Homeland Security, education can mean the difference between life and death.
We also need to re-prioritize our approach to data. We have to determine what kinds of data should be made available on users’ mobile devices. Not all data is equally important, and it’s up to the CISO, the CIO, and other enterprise leaders to make sure that the most crucial data isn’t disbursed to a large number of employees’ mobile devices. Based on this vision, the organization will need to develop a blueprint to evolve and modernize their business applications in order to create a competitive advantage, increase productivity, and foster innovation.