To safeguard valuable information assets from unauthorized use, IT departments use methods like partitioning, authentication, and firewalling. To access these assets, the workforce of the 21st century use a range of techniques on devices such as laptops, desktops, tablets, phones, and watches. Many of these devices are mobile, facilitating access to valuable information from anywhere, at any time, over networks that may not be secure. And often, devices are being used to access information without being authorized to do so. Such behavior presents risk. IT departments however, need to shift from the position of restricting access for the sake of security, to providing access while maintaining security. SAM can provide the visibility required for the IT department to become the technology enabler and support the organization’s needs, without compromising security.
Getting the right balance between protection and availability is a classic security conundrum – a problem made more complex by technology, device proliferation, and tech-savvy users. To unravel some of that complexity, I believe that insight is critical. You can’t protect something if you don’t know it exists. Modern user behavior undermines IT in their efforts to ensure that there are no blind spots in the network. So, let’s dig a little deeper into the behaviors and challenges that impact the ability to achieve full visibility of the IT estate.
Technology evolution has enabled information assets to be accessed, modified, shared, and deleted through any device, from anywhere. The mass adoption of mobile technology, cloud computing, and constant connectivity has effectively shifted the responsibility to protect assets from the IT department down to the individual user – each with their own experiences and level of security awareness.
Tech savvy employees don’t care to wait. Mobile devices have empowered people to download software as they need it, make use of it, and then forget about it. Waiting for approval, paying for licenses, and understanding the impact of licensing terms and conditions (T&Cs) tend to be low on the list of priorities when deadlines need to be met. People work from anywhere and use their own devices and applications (BYOD/BYOT) as well as those provided by their employers (Company Owned, Personally Enabled: COPE). In response to this shift, software publishers like Adobe and Microsoft have changed the way they license their products, providing users with greater flexibility.
LOCKDOWN DOESN’T WORK
Organizations that enforce tight security measures see their employees moving on, or circumventing set procedures in the name of digital expediency. The spread of the wannacry worm is just one example that highlights the risk faced by organizations using out of date technologies. With the GDPR coming into force, many companies are reviewing data security processes to ensure compliance, and are turning to technology to get the right balance between employee flexibility and overly-tight security.
IGNORING THE FINE PRINT
I, for example, use a cloud-based app to share photos and files with my family and friends. The license terms state that the app is free for personal use. So, what happens when I share information from my private cloud space with one of my colleagues using a public Wi-Fi hotspot? Not only am I exposing my employer to the risk of data leaks by using an insecure network, I am breaching the T&Cs of the software agreement. A deeper investigation of the T&Cs reveals that if more than a dozen people within my organization start using the app to share information, my employer is liable for a business license for each user. But neither my CFO, nor the IT department will be aware of this liability until an audit is a fact (read more in our blog on Managing mobile device usage agreements).
THE ROLE OF SAM MANAGER
So, how is it possible to gain a 360-degree insight into the software estate when BYOD, new devices, technology evolution, user behavior, and lack of awareness work to undermine IT and security teams and their efforts to keep a grip on the network estate? SAM managers have a key role to play because the solutions they rely on provide them with this insight. Gaining insight starts with Inventory of the software estate – ensuring that the blind spots are picked up, as they are often a source of risk. Enterprise mobility management (EMM) solutions, such as Snow Device Manager, inventory the mobile park, and deliver mobile SAM capabilities. They can, for example, provide a software store of approved applications, delivering sufficient freedom to users while at the same time ensuring license compliance. Security measures, such as remote wipe for lost devices, data encryption, and removal of blacklisted applications, will help organizations to protect information assets and personally identifiable information (PII). Automation tools like Snow Automation Platform enable the IT team to, for example, provision devices automatically with local network settings, improving security through generated passwords that are never shared with users. By controlling settings and automating common processes, human-error is reduced and the power of cloud computing can be unleashed securely into the organization.
ACHIEVING THE BALANCE
BYOD isn’t going away, smartwatches are the next device that corporations will need to address, and the complexity in achieving the balance between protection and ease of information access will continue to rise as technology evolves. Achieving this balance is a constant journey of reassessment that starts with getting to know your unknown unknowns. With a deeper understanding of what is going on in the network, SAM managers visibility provides the insight that is vital to build secure IT environments. Learn more about multiplatform inventory to gain complete visibility of your IT estate by having a read of our eBook: Remove Your IT Blind Spots.