This paper examines IT security involving mobile applications. It focuses on how to secure organizational data and on the underlying costs, and then provides specific insights into how firms can address these issues in the future.
… advances in technology have transformed the way that firms are addressing security-related issues. This is because most devices have become much smaller and are often focused on providing users with remote access. As a result, these kinds of platforms are a potential danger to all organizations. ("Guidelines for Securing Mobile Devices," 2012)
Evidence of this can be seen in a report prepared by Stanford University, which said, "Mobile computing devices can store large amounts of data, are highly portable and are frequently unprotected: they are easy to steal or lose, and unless precautions are taken, an unauthorized person can gain access to the information stored on them or accessed through them. Even if not stolen or lost, intruders can sometimes gain all the access they need if the device is left alone and unprotected, if data is 'sniffed out of the air' during wireless communications, or if malware is installed. The results can include crippled devices, personal data loss, disclosure of non-public University data, and disciplinary actions for the device owner." These different areas show the challenges of shifting platforms. In the future, these issues will become a major threat that all corporations must deal with on a regular basis. ("Guidelines for Securing Mobile Devices," 2012)
As a manager, how would you plan on securing organizational data?
Addressing any kind of security issue requires an all-encompassing approach. This will be accomplished by focusing on a number of different areas that will improve the overall level of protection. These include: conducting regular training, encrypting all data, having backup procedures in place and rotating SSH keys regularly. These factors work together to address a host of challenges. Once they are in place, the firm will be able to adapt and evolve with new threats, and the underlying risks will be dramatically reduced. ("2011 IT Security Practices," 2011) ("Enterprise security best practices," 2011)
In the case of conducting regular training, there needs to be an emphasis on understanding the threats facing the company and identifying potential solutions. The best way to achieve this is through knowing the environment. This means analyzing the possible weaknesses and threats. Once this happens, personnel must create a protocol that will address these challenges. ("2011 IT Security Practices," 2011) ("Enterprise security best practices," 2011)
After this occurs, effective training must be conducted on a regular basis. This will take place at least once per quarter through a series of workshops and practical examinations. This will teach staff members about possible early warning signs of security breaches and how to respond effectively. When this occurs, employees will take on a role of monitoring and identifying any kind of possible issues. ("2011 IT Security Practices," 2011) ("Enterprise security best practices," 2011)
It is at this point that the underlying threat can be isolated. Every quarter, this training will be updated to reflect new threats and how to deal with them. If this kind of approach is used, it will increase the total number of people monitoring these issues (which will have an impact on the firm's ability to mitigate these challenges). ("2011 IT Security Practices," 2011) ("Enterprise security best practices," 2011)
Encrypting all data means that any kind of sensitive information is available only to the end users. For those individuals who are seeing this information over a mobile device, these services are often unavailable. This is because the majority of data is not protected in the same kind of format as on a secured network (thanks in part to the cloud applications that are being utilized). To address these kinds of challenges, all firms must have a third-party provider that will encrypt all data. This will make it more difficult for hackers to view sensitive information that is being transferred between the server and the mobile device. ("2011 IT Security Practices," 2011) ("Enterprise security best practices," 2011)
Having backup procedures in place means looking beyond the common solutions that are often utilized by firms. What normally happens is that most firms will have some kind of certificate of authority (CA). This is an application that is designed to provide added assurances about the safety of using a particular platform. ("2011 IT Security Practices," 2011) ("Enterprise security best practices," 2011)
However, the problem is that most companies will over-rely on these applications. This is troubling, as hackers have become more sophisticated and can sometimes circumvent these procedures. Once this happens, the firm will face increased risks. To deal with these challenges, there need to be some type of backup protocols that will mitigate these kinds of threats. ("2011 IT Security Practices," 2011) ("Enterprise security best practices," 2011)
SSH key rotation addresses the situation in which former employees could use their old user name and password to gain access to sensitive information. When this happens, the risks of security breaches will increase exponentially. To deal with these kinds of challenges, there needs to be an emphasis on rotating SSH keys at least once a year. If this can occur, it will help to prevent any kind of external security breaches from former employees. ("2011 IT Security Practices," 2011) ("Enterprise security best practices," 2011)
These different areas show how all IT managers must be able to take a proactive approach in understanding the threat and its impact on the firm. This means that they must be vigilant about new vulnerabilities and how to adjust to them. If this can take place, it will help to effectively mitigate any kind of threats over the long term.
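One way to check the yearly rotation rule is to audit each server's authorized_keys file against a key inventory. The following is an added example, not part of the original paper; the inventory layout, the sample keys and the function names are assumptions, and the key lines are assumed to carry no options prefix.

```python
import base64
import hashlib
from datetime import date

MAX_KEY_AGE_DAYS = 365  # the once-a-year rotation interval from the text

def fingerprint(blob_b64):
    """SHA256 fingerprint in the format ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(authorized_keys, inventory, today):
    """Return (comment, reason) for every key that should be removed or rotated."""
    findings = []
    for line in authorized_keys.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment or malformed entry
        comment = fields[2] if len(fields) > 2 else "(no comment)"
        record = inventory.get(fingerprint(fields[1]))
        if record is None:
            findings.append((comment, "not in inventory"))
        elif not record["active"]:
            findings.append((comment, "owner has left the firm"))
        elif (today - record["issued"]).days > MAX_KEY_AGE_DAYS:
            findings.append((comment, "older than rotation interval"))
    return findings

# Constructed sample data: the blobs are placeholders, not real public keys.
def _blob(seed):
    return base64.b64encode(seed.encode()).decode()

AUTHORIZED_KEYS = "\n".join([
    "# deployed to the file server",
    f"ssh-ed25519 {_blob('alice-2024')} alice@laptop",
    f"ssh-ed25519 {_blob('bob-2021')} bob@laptop",
    f"ssh-rsa {_blob('carol-2022')} carol@phone",
    f"ssh-ed25519 {_blob('stray')} unknown@host",
])
INVENTORY = {
    fingerprint(_blob("alice-2024")): {"issued": date(2024, 1, 10), "active": True},
    fingerprint(_blob("bob-2021")): {"issued": date(2021, 3, 2), "active": False},
    fingerprint(_blob("carol-2022")): {"issued": date(2022, 5, 20), "active": True},
}

if __name__ == "__main__":
    for comment, reason in audit(AUTHORIZED_KEYS, INVENTORY, date(2024, 6, 1)):
        print(f"{comment}: {reason}")
```

A key belonging to a departed employee is reported as such even when it is also past the rotation interval, since removal takes priority over reissue.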
How do security effectiveness and relative cost figure into those plans?
The total solution that will be utilized means that the levels of efficacy must remain the same and rise in the future. To do this, there will be an increase in costs based upon a number of different factors. These include:
Messaging is becoming more complicated.
DNS services are becoming increasingly complicated.
Server and software patches can be time consuming / costly.
Storage, data backup and recovery space is continuing to increase.
Network and security management will draw more attention.
Disaster recovery and business continuation are becoming more complex.
The combination of these factors shows how the costs and time involved in keeping up with the changes are continually rising. In the future, this will have an impact on the firm's IT infrastructure and security spending. Over the course of time, this will require having more personnel involved in the process. ("Reduce Costs while Improving Reliability," 2010)
To deal with these issues, a number of firms are outsourcing select aspects to third-party providers (in the form of managed hosting). This is where the basic issues are dealt with by having a dedicated server and professionals. Their job is to continually watch for emerging threats and quickly address them. ("Reduce Costs while Improving Reliability," 2010)