Secure business transformation
Davey Winder investigates how to best protect enterprise networks and data while embracing BYOD, cloud and virtualisation.


"This can be simpler than it sounds. However, it should be addressed sooner rather than later or you'll be trying to undo years of poor practice," Laing advices. Here are his five steps for IT Pro readers wanting to implement a mobile data security policy:
1. Select a platform
The first place to start is deciding which platform and devices you wish to support. Most corporations pick Android and iOS. Then you start to build your strategy based around that. Remember, the platform you choose will influence the devices you allow and want to support.
2. Select a device
You need to know what you want people to be able to do with their device inside the corporate network. Windows 8-based devices, for example, have a huge advantage because they can facilitate integration into the corporate network and ensure that all staff have a standard way to access it. However, Apple seems to be winning the hearts and minds of the average office worker currently.
3. Select participants
The next step is to think about who you want to apply the Mobile Data Security strategy to. Are you going to apply it to all staff? Will you have the same restrictions that apply to corporate devices?
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
4. Select what you want to share
It then needs to be decided what corporate data should be shared. MDM/MFM solutions allow users to access files securely remotely. This enables real time syncing with the corporate network whilst on the go.
5. Set a budget
The total cost involved in implementing a mobility policy quickly adds up. There is the initial cost of purchasing the mobile devices, file management and security software and then IT labour costs. In order to remain budget savvy, businesses need to work closely with value added resellers to help implement an ecosystem that covers both the MDM and MFM challenges, at the best price.
Cloud
The majority (88 per cent) of business leaders in the UK believe that they relinquish responsibility for data security when it is stored in the cloud, according research by Iron Mountain. This means cloud is a transformational technology that can leave the enterprise at risk if not dealt with properly during implementation. Christian Toon, head of information risk at Iron Mountain, provided the following seven-point plan for IT Pro readers to help reduce risk when information is moved to the cloud:
1. Find out exactly where your data will be stored, who has access to it and whether it will or could be moved. This is vital for ensuring data security and integrity. Some data, for example HR records, cannot legally be moved across international boundaries.
2. Consider the physical and IT infrastructure of your provider's data centre. How secure is the building? Where does the provider source IT equipment such as servers and cables?
3. Don't forget the people. You need to trust the people who handle your information. Does your cloud provider have a rigorous vetting processes and security training in place for all employees?
4. Look for evidence of business continuity planning. Will your data be safe if something goes wrong? Does the provider have service recovery measures in place such as failover and redundancy, or back-up generators to minimise the impact of power failure?
5. Size matters. How much data are you trying to store? Attempting large-scale restoration from the cloud can be problematic. Moving information to and from the cloud requires large bandwidth. You're better off restoring from tape if you are working with volumes in excess of 20GB.
6. Don't put all your eggs in one basket. Depending on a single solution may mean that your back-up fails when you need it most. Build a tiered-approach so that you are prepared for any eventuality.
7. Safeguard sensitive information. The cloud may not be the best option for storing highly sensitive, unique or legally restricted data such as intellectual property, HR records or financial plans.
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Rebooting your BYOD strategy
In-depth With hybrid working becoming the norm, there's a need for a device management overhaul. What does BYOD 2.0 look like?
By Kate O'Flaherty
-
IT Pro Panel: Why BYOD is (sort of) here to stay
IT Pro Panel CIOs explain why they aren’t going all-in on personal devices
By Adam Shepherd
-
The IT Pro Podcast: Should companies spy on their employees?
IT Pro Podcast Where’s the line between security and surveillance?
By IT Pro
-
What are employers' responsibilities when we use personal tech to work from home?
In-depth With many more months of lockdown ahead of us, and workers reluctant to return to the office full time, it's time to think about roles and responsibilities
By Sandra Vogel
-
What is the 'personalisation of IT'?
In-depth With millions of people using personal devices for professional purposes while working from home, consumerisation has entered a new phase
By David Howell
-
WhatsApp delays controversial privacy update for businesses
News Users were asked to share data with WhatsApp’s parent company Facebook in order to continue using the service
By Sabina Weston
-
Lenovo ThinkPad L14 review: It’s not right but it’s okay
Reviews Pleasant enough for simple office tasks
By Sabina Weston
-
The consumerisation of IT continues apace – here’s how your business can benefit
In-depth BYOD may be a fact of business, but there are still more ways organisations can grow by embracing consumer tech
By Sandra Vogel