Suddenly it appears, another hazard to deal with on the road to growth: compliance. And it is fast becoming a top-three company priority next to cost and security. The concept sounds deceptively simple – conforming to accepted standards or laws. But in IT, compliance has become a moving target that does not obey the usual rules of the road.
Lawmakers today have been putting a new and visible effort into establishing stricter enforcement and harsher penalties when it comes to compliance. The next ten years will likely require more attention to and spending on compliance requirements than the past 30 combined. A new era of IT compliance has dawned, an era that will make Sarbox, PCI, and HIPAA look like child’s play.
Surprisingly, the backseat driver here is not business or government, but the always-on, über-employee of the 21st century. Mobile workers are the single biggest risk factor in IT compliance today. But pulling the plug on their handhelds is no answer when they represent the single biggest success factor for future competitiveness and growth.
There will always be squeaky wheels on the compliance car, but the vast majority of today’s employees are not looking to break the rules. They want to stay on the right side of all government and company regulations. The problem is most times they do not know if they are in a satisfactory state or not. And their numbers and associated risks are growing greater every year. The day is almost here when there will be more employees working outside the office than in one. While it is easy to spot these mobile workers, it’s not so easy to spot the risks – especially at high speed.
Anyone who has tried to change lanes at 65 miles per hour knows of the driving “blind spot” where certain areas of the road and vehicles on it are invisible. Although every car comes with a rearview mirror, many times an oversized truck speeding just inches away is out of view. Despite this risk, and the rising reports of fatal accidents, giving up the pleasure and productivity of driving is not an option.
Companies face a similar issue in the “Mobility Blind Spot,” the area outside the corporate local area network (LAN). This is the invisible and risky zone where standard software packages and reporting consoles cannot see or control what employees are doing with company data. Whenever a laptop, USB, or other mobile device is connected to the Internet outside the reach and control of the company, bad things can happen.
Traditional measures, such as personal firewalls, anti-virus, and virtual private network (VPN) tunnels are no longer sufficient to protect the company. IT departments would be better off stenciling a warning on the side of the server room: “Warning: Objects and workers outside the LAN may be less compliant than they appear.”
Unfortunately, the traffic in this noncompliant fast lane is building. The proliferation of the Internet, wireless networks, and mobile devices likewise has elevated the Mobility Blind Spot to an everyday risk situation far beyond the average sales person’s work habits. The new “mobile workstyle”1 has exponentially produced millions of simultaneous blind spots for companies around the globe, arguably on an hourly basis.
The problem is that compliance is difficult to see and track at any speed. It is not a product, a technology, or a singular process. It is a lawful state of being, subject to interpretation and degrees of satisfaction. It exists in overlapping pockets of time and space – and usually on a sliding scale. There can be no measure of compliance, no interpretation, no satisfaction if the IT manager does not have the tools necessary to see where, when, how, and by whom data is being used. Without that 360 degree view, there can be little sense of the dangers that exist around each turn.
The new Mobility Blind Spot demands that companies install rearview and side mirrors. But exactly what does that mean? In order for companies to achieve both corporate and governmental compliance, they need to implement technology, process, and behavior changes.
First, if the goal is to secure all data on all mobile devices, there must be a move to cloud computing. Only the Internet, not the LAN, can give IT managers access to devices like laptops and smart phones. While some are concerned that using the cloud might create more security risks, it is only a misperception as old as the lock on the server room door. The security tools are largely the same for clouds and LANs, just applied differently.
Secondly, the corporate IT infrastructure must extend to every part of the network, including laptops and mobile phones. There must be software on each device that requires the user to log in before it can be used to access company data – whether it is email, client invoices, the customer database, or financial records. The log-in must be fully encrypted and must be a secure Internet connection that can be accessed from anywhere.
Finally, the mobile IT system must be able to capture hundreds of pieces of information simultaneously and instantaneously. It should give full, real-time reports on the employees accessing the network, their locations, their connections, data they are accessing, whether they are using the proper applications in the correct way, what data they are sending and receiving, and a plethora of other information. All of this should be accessible through the Internet at any time of day by the approved IT managers. And it should be presented in such a way that they can instantly make decisions, ensuring that their interpretations and requirements of compliance are reached.
Companies that are at the top of their security game will also be able to instantly shut down people, applications, and connections that are out of compliance. Since employees will not and cannot police themselves, this is the highest and ultimately most desirable state of security.
The Mobility Blind Spot does not need to be dangerous. Using the power of cloud computing and a mobile infrastructure, along with applications that provide full 360 degree views, it is perfectly possible to drive the fast lane safely and lawfully.
But, like driving a car, technology alone will not guarantee safety. The best prevention includes both technology and behaviors. A quick glance to your right and left can only help. 360
1 Mobile workstyle is defined as the shift in employees’ work behavior where time of day and location has become more “anytime, anywhere” versus working within company offices and with company LAN-based computers.
Share
Copyright 2010 International Data Group and Fiberlink Communications Corporation.
Your Comments