In this age of Bring Your Own Devices (BYOD), employees expect to do just that. As the information security gatekeeper, it is your job to protect the enterprise from internal and external harm. Ultimate protection of the enterprise, however, has to be a team effort or things will go awry.
In their recent First Post blog article, Gartner experts Paul Proctor and Tom Scholtz encourage us to put people at the center of enterprise security. The concept, referred to as People-Centered Security (PCS), is summarized below:
Motivating Safe Behavior
PCS is based on a set of key principles that underpins the rights and related responsibilities of individuals. The premise of PCS is that employees have certain rights. However, these are explicitly linked to specific responsibilities.
If an individual does not fulfill his or her responsibilities, or does not behave in a manner that respects the rights of his or her colleagues and the stakeholders of the enterprise, then that individual will lose certain rights and be subject to disciplinary procedure.
For example, users are given the right to use their personal iPads for corporate email without any mandated preventative security controls. They are also personally responsible for ensuring that no confidential data is compromised via their use of the iPad. The IT organization will offer protective security solutions, but the users have the autonomy to decide if they want to adopt these controls or not. If they lose any data, they potentially lose the right and the convenience of using the iPad for company mail.
Security programs should boost their attention to educating users about what’s at stake in risky practices adopted for convenience. Simple behavior changes can do as much to protect your enterprise as, or more than, spending millions on complicated technology that will make users miserable. Users will immediately seek to bypass poorly conceived technical solutions and put even more data at risk. Avoid this outcome.
For more advice on how to adopt a people-centric security atmosphere, read the full First Post article.