In many organizations, a great deal of sensitive data is residing at the edge of the enterprise in a world devoid of corporate policy or control, which raises serious concerns relating to information security, compliance, and business continuity.
The renewed focus on corporate governance and regulatory compliance has brought with it many challenges for business and IT management, including the heightened need to report information that could materially affect the performance or standing of the company. However, with so much evidential business information now stored unmanaged at the edge of the organization, it is difficult to see how companies can meet this most fundamental of requirements.
If the information security management or compliance strategies of an organization do not extend to the edge of the enterprise, companies might find that most of their useful, and indeed valuable, information is put at risk. Quantifying this risk is, of course, very difficult, and so most business managers will tend to turn a blind eye and pretend that it is of little consequence, preferring instead to live in denial of this most important aspect of corporate governance.
If discussion of this topic is starting to make you feel a little nervous, then here’s a question that will make you really squirm: Are you able to ensure that the private and commercially sensitive information held on your employees’ laptops, remote desktops, PDAs, smartphones, and removable storage devices (e.g. USB memory sticks) is accessible only to those authorized to access it?
If this question leaves you with a queasy feeling in the pit of your stomach, then you’re not alone, as relatively few organizations (only 3,615 worldwide at the time of writing) have a real grip on information security management. Organizations that have formally addressed this issue can be found listed on the International Register of ISMS Certificates (www.iso27001certificates.com).
Organizations and end users are still wary of information security management technology and its application, and yet there are clearly individuals within all companies and institutions for whom this kind of technology is almost mandatory. Company directors and executives must protect and manage highly confidential information, as should the HR department and finance personnel.
The information security management market is replete with products and solutions that can help companies and institutions secure and protect sensitive information. Indeed, there are even free open source solutions (www.truecrypt.org) to protect those vulnerable USB memory sticks that we all carry around.
Weak information security management is a sign of weak business management. So, if you’re feeling confident in the way your organization handles information, then why not invite an information security management systems auditor round for a visit?
Source: OpinionWire by Butler Group (www.butlergroup.com)