
Variety of End User Environments Poses Increasing Threat To Data Security

Information Security Forum : 20 July, 2010  (Technical Article)
The Information Security Forum has summarised its research into end user environments and concludes that the protection of critical company data is increasingly falling into the hands of the user of the data.
New social networking technologies, mobile devices and a more flexible and tech-savvy workforce are leading to increasingly complex and diverse end user environments with many greater security challenges, says the Information Security Forum (ISF). In its recent research, the ISF also found that vast differences in the knowledge, behaviour and actions of end users create further security risks; and believes organisations need to empower employees to take more personal responsibility for protecting critical and confidential information.

Most organisations have many different end user environments, often across physical locations and comprising individuals who use a wide range of technologies to handle information. These disparate end user environments are subject to factors such as diverse cultures and different operating conditions that make managing information security extremely difficult. This problem is further compounded by the variety of corporate-issued and personally-owned devices and a blurring of the boundaries between work and personal computing. Furthermore, new Generation Y employees entering the workplace typically want to configure their own user environments, installing personal software such as applications for social networking, instant messaging, peer-to-peer networking and VoIP.

"Greater business and personal use of computing and communications and, in particular, social networking websites are creating a major headache for information security professionals," said Mark Chaplin, senior research consultant at the ISF.

"Either deliberately or unwittingly, it is all too easy for end users to share confidential information with unauthorised individuals or corrupt critical information needed to support key business processes. Organisations need to recognise that the information security function cannot provide all the protection necessary without a complete lock down. Instead, much of the responsibility lies in the end user environment where more focus needs to be placed on education and awareness to create a culture where employees are empowered to protect corporate information as well as their own personal data."

"Another significant but often overlooked issue in the end user environment involves the widespread development and use of spreadsheets and desktop database programmes by end users to create their own applications," adds Chaplin. "In many cases these types of application are developed in an ad hoc manner, often outside of corporate control and are poorly protected. This can introduce significant risks when organisations become dependent on them (e.g. to support financial transactions or a manufacturing process) and they fail, for example, as a result of coding errors."

In many cases it is not feasible, economical or practical to provide total protection for multiple end user environments. However, the ISF report entitled 'Protecting information in the end user environment' draws on the views and experiences of its members, some 300 of the world's leading companies and public sector bodies, to identify the areas of greatest risk and present practical recommendations.

"The first step is to understand the broad range of security challenges associated with end user environments in an organisation," says the ISF's Mark Chaplin. "It is not unusual for management, including senior executives, to be unaware of the value of information that employees have access to and use; the threats this information is exposed to when not adequately protected; and the potential business impact if this information is compromised in the end user environment."

Once the challenges are understood, organisations need to apply a balanced approach to protecting information in the end user environment. This involves establishing a security-positive culture; focussing on the organisation's critical and confidential information; protecting equipment and applications, including those created using spreadsheets or equivalent; restricting connectivity; and addressing the physical security of the end user environment.