Editorial & Analysis
Popular
Technology Categories
- Security (277)
- Desktop Virtualization (232)
- Uncategorised (224)
- Public/Private clouds (223)
- Applications (219)
- Business Continuity (213)
- Server Virtualization (192)
- BYOD (190)
- Network Virtualization (182)
- Storage Virtualization (170)
- Big Data (154)
- Availability (148)
- Network Perfomance Management & Monitoring (145)
- Archiving & Back-Up (136)
- Consolidation (127)
- Wireless LAN (121)
- Performance Management (120)
- Software as a Service (SaaS) (113)
- Network Capacity Planning & Management (113)
- Infrastructure as a Service (IaaS) (113)
- Systems Management (111)
- Hosted solutions / applications (111)
- Network equipment, Repeaters, Hubs, Bridges, Switches, Routers (110)
- Governance, Risk & Compliance (104)
- Data Deduplication (103)
- Servers/Hardware (96)
- Mobile Security (92)
- Virtualization Security (91)
- IP Convergence (89)
- Storage as a Service (88)
- Storage Area Networking (SAN) (87)
- Storage Networking – IP storage,Infiniband & iSCSi (86)
- Disk Storage, Flash, SSD, Optical (85)
- Application Delivery Network (84)
- Capacity Management (83)
- Wireless Security (77)
- Energy Efficiency (76)
- Business Intelligence (76)
- Automation (75)
- Unified Communications (74)
- Enterprise Mobility Management (74)
- Mobile Device Management (71)
- Flexible & Smarter Working (70)
- Risk Management (69)
- Campus Networks (67)
- Design & Build (65)
- Recovery (65)
- Platform as a Service (PaaS) (63)
- Managed Security Services (61)
- Content Monitoring/Filtering (56)
- Managed Network Security Services (50)
- Smartphones/Tablets (49)
- Managed Hosting (49)
- Email Archiving & Management (49)
- Risk Analysis (47)
- Identity & Network Access Control/Management (47)
- Business Impact Analysis (47)
- Collaboration Tools/Applications (45)
- Enterprise Content & Document Management (45)
- Network Attached Storage / NAS (44)
- Fibre Channel over Ethernet FCoE) (43)
- Mobile Enterprise Applications (43)
- Cabling (41)
- Storage Resource Management (SRM) (40)
- Mobile Platforms (40)
- IPv6 (40)
- Penetration Testing/Risk & Vulnerability Assessment (38)
- Thin Provisioning (38)
- Information Lifecycle Management (ILM) (38)
- Workflow & Process (36)
- Load Balancing (36)
- Optical Networks (35)
- Forensics (34)
- E-Discovery (30)
- VPN/SSL (29)
- Regulation & legislation (29)
- Unified Threat Management (29)
- Power & Protection (29)
- IP Telephony (28)
- Tape Storage (27)
- ISP's (26)
- Communications-Enabled Business Process (24)
- Enterprise Search & retrieval (24)
- HPC (23)
- Metropolitan Networks (22)
- Mesh Networks (21)
- Collaborative Communications servers (Exchange etc) (21)
- Video/Web Conferencing (20)
- Encryption/PKI/Digital Certificates (20)
- Field Services (17)
- IP PBX (16)
- Transparency (15)
- Audio Conferencing (14)
- Openflow/Software Defined Networking (14)
- Wireless Expense Management (11)
- Risk frameworks (11)
- Fixed Mobile Convergence (10)
- Instant Messaging (10)
- Data Masking (9)
- Classification (8)
- SIP Trunking (8)
- Social Software (7)
- Data Erasure (6)
- Presence (6)
- BS25999 (5)
- HVAC (5)
Popular Categories
Company insiders pose greatest risk to data security, says IP EXPO survey
22 Nov 2011
Security presentations at IP EXPO 2011 aim to address IT decision-makers’ key concerns over data risk. Jessica Twentyman looks at some of the seminars on this year's agenda.
When it comes to data security, IT decision-makers are more concerned about the risks posed by company insiders than they are about hackers, negligent cloud-service providers or their company being hit by a natural disaster.
In a recent IP EXPO survey among IT professionals intending to visit the show, respondents were asked to rank various security scenarios in order of risk. According to one in four (24 percent), the loss of mobile devices such as smartphones, laptop and tablet computers by employees is the greatest data risk that their organisation faces. One in five (21 percent), meanwhile, believe that mistakes made by staff and compounded by technical error (for example, failed computer back-ups) pose the greatest risk.
The theft of corporate data using portable storage devices such as memory sticks – a crime that is most frequently committed by employees (particularly those departing for a new job elsewhere) but also trusted outsiders such as contract staff – was cited as the number-one threat by 19 percent of respondents, while seven percent cite intentional sabotage of hardware/software by employees.
By contrast, the actions of unknown outsiders or external forces seem to cause far less concern. One in ten believe that malicious hacking and industrial espionage pose the greatest risk; the same proportion rank natural disaster, such as fire or flood within the data centre in first place; and only 6 percent cite poor security processes at cloud providers as the top threat.
With those findings in mind, there’ll be plenty of information and advice for IT decision-makers looking to tackle the data-security threats posed by insiders, more frequently through unintentional mistakes and negligence, but sometimes wrong-doing.
Losing a mobile phone, after all, is notoriously easy to do – but few companies today are prepared to compromise employees’ productivity and most want them to be able to access key applications, even when they’re on the move. On the first day of IP EXPO 2011, Vodafone pre-sales consultant Tarik Reid will address this issue in his presentation ‘Improving Productivity Through Secure Mobile Working'. As he will explain, traditional approaches to data security have often involved ‘locking down’ corporate data – but in a world of mobile workers, this is no longer workable. In his session, Reid will talk attendees through a more open approach to security, where productivity is allowed to thrive, not compromised.
That said, there are some types of confidential data that organisations simply don’t want to be accessible from laptops in coffee bars, regardless of who’s in control of that laptop – customers’ credit-card details, for example. Here, access control technologies can be a help, enabling IT security teams to apply careful rules that dictate how certain applications are accessed, depending on the user’s location and the device that they are using.
This will be the subject of a presentation by Peter Silva, technical marketing manager of F5 Networks: 'The Context of Access Security'. In a world where employees use numerous computing devices from a wide range of remote locations, “context is key,” says Silva and fine-grained rules need to be applied in order to achieve the appropriate levels of access control.
Whether an organisation’s IT security priority is giving appropriate levels of access to authorised users or keeping outsider out, however, we anticipate much interest in a presentation by Nigel Stanley, practice leader at IT analysis firm Bloor Research, which will be running on both days of the conference.
In ‘Information Security as a Business Enabler’, Stanley will paint a picture of the current information security landscape from an “objective, dispassionate viewpoint”. His overview will cover both insider and outsider threats, touching on mobile device risks, cybercrime and the protection of intellectual property.
Better still, he aims to provide attendees “with the key questions to ask suppliers”, in an industry “alive with jargon, fear-inducing stories and excitable vendors.”
