Security pitfalls in the age of the consumer

By

Pothole (pot hole, road damage, winter)These days, everyone has choices.  Everything from what we wear on our backs to what we eat and buy comes with a list of options. Want to rent a boat and fishing rod for the weekend? Do a quick google search for “boat rentals” and see the list of contenders. So when it comes to business tools, why should this be any different?          

Knowledge workers want the best

Workers today want the best, the fastest and the easiest tools to make their jobs easier. With the amount of pressure on them to deliver, end users today only care about one thing: does it get the job done. Luckily for them, we live in “the age of the consumer”, where people are given direct access to the tools they need. In Foresters’ latest article about security needs in the modern age, Andrew Rose sums up the current corporate temperature.
“The power of instantaneous communication, social networks, and accessible platforms such as cloud and mobile have created a perfect storm, where the power has been wrested away from corporate leaders and placed into the hands of the business and consumers with which they want to do business.”
Andrew goes on to make the point that security and risk professionals need to use security to enhance, not restrict the customer experience, and foreshadows some of the risks of failing to do so.
“Customers know they have choices for most products and services, which means the customer experience must be positive at every touch point — online, mobile, and retail. Unfortunately, they often feel that they have to do this without involvement from the technology management organization, including security, to fully deliver the functionality required within the timescales they demand. This can lead to “shadow IT,” where employees are provisioning their own technologies and services and using data in uncontrolled and noncompliant ways.”

Security or sinkhole?

Although ‘Shadow IT’ is not a new concept, it still continues to undermine security and circumvent policies by harnessing unapproved technologies in the workplace. S&R leaders in large organizations have become so familiar with certain technologies, particularly public cloud storage providers like Dropbox, that they are quick to blacklist them. This is a pitfall however, because by doing so blunts the business edge organizations need, in order to retain competitive advantage.
“A secure business is fine, but if you restrict growth during this age of the customer, you will likely find yourself protecting assets of rapidly diminishing value.”

When the going get’s tough

The last thing any S&R professional wants is to hinder growth in their organization. This is where things get a little challenging. It is not easy to find the right technology that both enables users, by giving them what they want, while also providing the adequate level of visibility and control over sensitive corporate data. It takes a keen intuition, and a lot of hard work to stay abreast of the latest technologies and to find this balance. Then hopefully implement it before it’s too late.