Storm Clouds and Mobile Madness in Communications
William Emmanuel Yu, Ph.D., CISM, CRISC, CISSP, CSSLP

Not so long ago, all businesses had traditional brick-and-mortar operations. Employees had access to communications facilities within these brick-and-mortar facilities. Security hinged on the fact that controls could be placed in both the facility and the equipment contained in the facility. Cloud-based communications offerings removed the tether to the office desk, and Bring Your Own Device (BYOD) mobile-enabled offerings removed the tether to the office equipment. The untethering trends in communications have focused on 3 main areas:

  • Electronic mail. Email solutions allow access from anywhere with Internet access and from a broad range of devices, including mobile. A number of these offerings have value-added services such as spam and malware filtering, archiving and even some enterprise groupware functionality (e.g., calendar, address books, document sharing). Major players in this space include Google Apps, Rackspace Email and Zoho.
  • Instant messaging. Email is frequently used as an instant messaging solution with the advent of push email. However, real-time messaging is making a comeback via mobile-centered instant messaging offerings (e.g., WhatsApp, Viber, Facebook). Enterprise instant messaging functionality (e.g., organizational groups, directory services) has not quite managed to creep into these offerings yet. But this does not stop businesses from using these channels.
  • Telephony. Telephony solutions offer follow-me services that give an enterprise user one telephone number at which people can reach them either in the office or on the go (via mobile). These offerings are now available for entire enterprises and not just individual users. They have a rich set of enterprise functionality, including conferencing, recording, voice mail, messaging triggers and call routing. Gone is the day when companies needed to procure full IVR/PBX solutions to join the ranks of the enterprise “big boys.” Today, a credit card and Internet access can provide you with such services. Major players include Twilio and RingCentral.

In the new Wild West of communications, information security professionals must adjust to the mind-set that security via controls in well-defined and limited enterprise facilities—the Fort Knox Mentality—is coming to an end. Information is now scattered in many places: physically stored on disks with a hosting provider, in transit among many Internet and telecommunications providers, and cached in the many individual devices an enterprise user may carry. Today, all of these areas, including additional areas of concern such as safe harbor, right to forget, data repatriation and ownership, and need to clean as you go (CLAYGO), must be considered in the eyes of information security.

Read William Emmanuel Yu’s recent Journal article:
“BYOD Security Considerations of Full Mobility and Third-party Cloud Computing,” ISACA Journal, volume 1, 2013
