Collaboration today is becoming a necessity for every organisation; it is no longer a nice-to-have. Organisations implement social networking tools to enable business users to tap into the collective intelligence of the organisation and to get work done in a new and more efficient manner, achieving better business outcomes.
The challenge every CISO faces is balancing convenience against security: how to secure information when the trend is towards collaboration and unified communication. Employees want to work from anywhere, at any time, and on any device. In a digital world, organisations no longer have clear boundaries, so CISOs need to revisit their controls to ensure information security.
The typical security challenges that need to be addressed by CISOs are:
- Security concerns in collaboration: As employees start using the collaboration tool to share their experiences, there is a challenge in protecting client and restricted information from any security breach. The collaboration tool itself is also at higher risk, as the information is stored in one common repository.
- Data Privacy: Balancing surveillance and data privacy of individuals.
- APTs: Increased risk due to Advanced Persistent Threats and loss of data.
- Endpoint security: As employees use multiple devices to connect to the corporate network, this brings its own challenges, and organisations need to implement the necessary controls. The typical challenges are:
  - Smartphones: Information leakage through high-resolution cameras, audio recorders, Near Field Communication (NFC) and high-speed internet access.
  - Bring Your Own Device (BYOD): As employees bring in different assets (different makes, configurations and operating systems), it is very difficult to ensure physical security and provide the required IT support.
  - Enforcing organisational policies on BYOD assets.
  - Cost of managing compliance software licensing, policy-enforcing agents and remote wipes.
Some of the controls that need to be ensured by the organisation are:
- Make a detailed information protection plan: understand the information that is handled by the organisation, carry out a detailed risk assessment and evaluate the current controls. Implement additional controls as required to prevent security breaches, depending on the information type.
- Containerisation: have properly identified containers in which to store information, based on its classification level.
- Have defined policies and procedures which cover collaboration process, data security and privacy concerns.
- Participate in cyber mock drills organised by central nodal agencies such as CERT-IN, DSCI, etc.
- Ensure that employees are given proper training on how to use the collaboration system effectively. They should be made aware of the vulnerabilities that exist in social collaboration tools and the precautions they need to exercise.
- Hold scenario-based awareness sessions to ensure that employees are aware of typical security breaches, their impact, and the measures to prevent and manage such breaches.
- Embrace best practices, follow security standards/frameworks and participate in industry meetings for knowledge sharing.
Madhu K is VP & CISO, Polaris Financial Technology Ltd