Balancing security and availability: the key to managing the ICT divide

The introduction of the always-on enterprise has seen many decision-makers needing to juggle their data availability demands with effective ICT security policies. These two elements need not be at odds.

Being connected has become a business necessity. South African organisations are no longer just competing against one another — they are competing with global ones as well. Thanks to the digital world, customers have a plethora of choices available to them for products and services that meet their needs and budgets. This round-the-clock cycle means availability of information is of critical importance.

Part of this always-on revolution has been the growing reliance on mobile devices for access to business-critical (and highly sensitive) back-end data. Field workers, sales reps, IT technicians, and other ‘mobile warriors’ require a link to the modern data centre containing key information required to make business decisions in as real-time a manner as possible.

The days are long gone where executives can afford to wait until they get back to the office and examine documents there before making the call to move ahead on a project. The very nature of business has become always-on and expectations are that information needs to be accessible from any place, at any time, using any device.

Of course, this puts a significant strain on corporate security policies. In the pre-connected era, it was a lot simpler to protect corporate assets. Granted, hacks and data compromises have been taking place even before the first computer was connected to the internet, but the focus has shifted in recent years.

Now, decision-makers need to contend with all the elements that define always-on — multiple devices, multiple access points, growth in data, different forms of connectivity, and so on. In a certain sense, the BYOD (bring your own device) era initiated this evolution. In the past, it was easy to block personal devices from accessing corporate information. Then it became a matter of ring-fencing that data on a device, and finally, the dam walls have broken, with accessibility being the focal point for many.

Yet, this focus need not cause undue concern. While it is easy to get swept up in a panic that corporate data is exposed in the always-on environment, the basic tenets of security still remain. Having a security policy in place that is cognisant of devices and reflects accessibility on a per-user level is already taking great strides in effectively protecting data.

As with all things, there needs to be a balance between protection and usability.

There is a fine line between ensuring your data is safe but still enabling employees to benefit from being always-on. However, the usability of security is not a new discussion.

IT departments would love nothing more than to tie all data down behind two-factor authentication, biometrics, and so on. The practicality of that means there is a bit of give and take required. Despite this, a vital step in any security policy in the always-on world involves user education. If employees do not understand the risks (or consequences) of losing corporate data, then the best systems in the world mean nothing.