Wednesday, 2 March 2011

Transformational Security

A couple of weeks ago, I attended an event hosted by Computer Weekly, SC Magazine and a couple of others. “Information Security Leaders 2011: Transformational Security” - as you might gather form the title it was a look at how and why things are changing and how to provide security in the newer IT landscapes.

Although a lot of people think that these are just junkets, with a chance to pick up some SWAG and eat and drink at someone elses' expense, I actually find these events very useful. Working within IT can have its problems; all too often, we work in small groups, and it's very easy to become isolated. This means that we develop set habits, and forget that there may be other ways of doing things.

Getting out to events like this can be really useful in many ways. It's interesting to talk to others in the industry and see just what kinds of problems they are facing. All too often, we might think that we are the only ones with a particular issue, only to find many other people with exactly the same problem. I really like to share advice and information on how we approach some of these and how and why we go down the route that we do.

This particular event was very useful. There were some keynote speakers that offered a real insight into just how things are changing and why; and they offered some considered advice on how to look at this as an opportunity. In particular, the concept of "consumerisation" was raised - people wanting to use their own equipment that they use for home based email, social networks etc, then wanting to use the same items for work use. (That's not just the same make or model, but the actual device).

At first, I thought that this was not an issue that we would face; but then I realised that it has already happened. We have a number of staff that have their own mobile phone (smartphone device) that are then trying to connect up so that they can get their email on the device. It's not been a major issue so far; but what would we do if one of those people then left the company? (OK, cancel their email account is a start, but what if they had access to someone else's account as well?)

Or how would you react if they lost their mobile device and someone else found it and then could use this to get access to company systems. The answers may seem simple, but as the speakers pointed out, this is the thin end of the wedge, and it's going to start happening a lot more often and involve a lot more devices and people.

All in all, the event was a good day (and yes the food was good!); it was also very useful from the point of view of getting people to think slightly outside of their comfort zone. If there are any more events of this type, either this year or in the future, I would strongly recommend thaking the opportunity to get along. You won't regret it!