Managing organisational risk
Organisational risk can be reduced to two base constituents: loss or diminished profit, and loss of stability. Similarly, for any tool or technology to be valuable, it must do two of three things - improve profit, reduce loss or improve the risk against loss, and maintain organisational stasis and stability.
So says Kevin Halkerd, senior security specialist at J2 Software. “Companies who are not on the map in terms of using tools that accomplish that, are already handicapped.”
At the same time, the adoption of new technologies, and the management thereof, will add to risk. He cites the example of BYOD, where in an effort to remove the end-user computing environment cost, users were introduced to bringing their own devices, or in some industries, choosing their own devices.
“Trends like BYOD will always bring more risk. Even with the latest security apps and devices, your company data and app access may be safe, but these things aren’t easily managed on employees’ devices. Any particular technology landscape requires a long term business commitment. Businesses can be influenced by a slick mobile device marketing campaign driving the latest Android or iOS device for example, and these devices change, every year. This is what is happening now, companies are going for the latest and greatest, and sensitive data can be lost when businesses don’t keep with up the BYOD trend rationally.”
He says there are solutions available to secure BYOD, but these introduce yet another risk, that of price. “These solutions require either dedicated personnel or management platforms and software. The reality is, IT administrators are too busy with their daily tasks, and don’t have the time to devote to the continuous management of BYOD. You will require additional heads or tools; most likely both.”
In addition, Halkerd says the cost to the business may be impacted a lot more than anticipated because of the adoption of additional technologies. “This compounds with the next risk, that of complexity. A company starts a BYOD project to make the company more efficient, then is faced with all the additional people, gizmos and black boxes needed to make it happen.”
He says although there are exceptions, these are more often than not outliers. “BYOD is a nightmare proposition for most SMEs seeking maturity. It’s a minefield fraught with many nasty surprises and many, many losses of private and sensitive data. There are ways to mitigate these risks. Firstly, clear objectives and milestones in pathfinder projects. Next, pick a familiar spearhead technology and set achievable goals.”
He advises to start with a BYOD trial, offering a selected range of devices from users to choose from. “Are you a Windows end-user computing environment? Try a Windows tablet. Make sure it is monitored. Use a tool like SystemSkan or device level productivity assessments to learn how users interact with technology.”
Once you have done this, make an informed decision. “SystemSkan’s ability to discern active and passive work times of user tasks makes it a wonderful performance benchmark reference tool for new technology adoption in end user computing environments. Sometimes users just won’t be effective or efficient with the latest tablet and sometimes there will be a select super user group that will.”
According to Halkerd, knowing how to tailor the solution to your organisation and not how to fit your organisation to a technology choice is the key to maintaining organisational stability while still advancing technology and engaging users in their choice and need.
“Cement the informed decision in standards and policies with clear cut requirements and goals,” he says. “Use tools like SystemSkan to establish a program of continuous risk and performance monitoring and improvement to drive profit, manage and reduce monetary and information loss through effective reporting and business enabling. Demonstrate and regularly test controls to assess efficacy.”
- Hits: 1141