How to strike a balance between security and business productivity
The primary purpose of information technology (IT) is to make the enterprise employees productive and competent at their jobs, using newer and improved technologies. But on their journey to become digitally advanced, these companies are increasingly becoming vulnerable to cyber-attacks and data breaches, amplifying the need for enterprise-wide security. The prime purpose of IT security is to protect company data and assets from any such threats. The risk of cyber-attacks versus improved productivity due to advent of technology is what can be aptly described as a security paradox or security versus productivity.
Using new technologies, organizations have become more productive. Many expenses have reduced thanks to data storage in a digital format, use of virtual prototypes for testing, video conferences over the internet, and other such facilities. IT has allowed scanning and storage of business documents at a centralized location, making it easier for recordkeeping and searching. Mundane tasks are being replaced by automation and robots that allow workers to focus on more essential operations. It also helps the company reduce manufacturing time and costs. Internet and online banking services have transformed the entire banking sector.
A few years ago, only large enterprises with big IT budgets could afford best in class technologies around communication, collaboration or mobile computing. But thanks to cloud-based SaaS (Software as a service) options, even SMEs today can subscribe to such technologies within 24 hours in a pay as you go model. In fact, in some cases, such options provide more flexibility to adopt new technologies versus large enterprises which mostly host all their technologies in-house. With an increasing number of companies migrating towards internet-based solutions, lack of cybersecurity has emerged as a major concern. Data breaches, account hacks, malwares and ransomware attacks have been in the spotlight.
Let us have a look at some latest technologies, their benefits and the security risks they pose.
Bring Your Own Device (BYOD)
Benefits: It provides flexibility to employees to use their own gadgets for work. It opens doors in terms of accessibility to newer technologies and equipment for employees as an alternative to use company issued devices. They can work virtually, and in a comfortable environment, which amplifies their productivity.
Security risk: When employees use personal devices to access company information, confidential and sensitive data is readily available to anyone who has an access to that device. Personal devices can be vulnerable to cyber-attacks and hackers may be able to penetrate into the device. As a result, some companies do not permit the use of personal devices for work purposes.
Internet of Things
Benefits: IoT is an application of chips and sensors embedded in everyday objects that enable them to exchange data. The advantages are far reaching, ranging from home security to medicinal services, and employees improving time management and productivity.
Security risk: The key issue with IoT is that it increases the number of devices to be managed from a security perspective. Since there are multiple devices involved, hackers too have a wide range of options.
Even a seemingly unimportant device such as a thermostat can be used by cyber criminals to uncover private information and bypass firewalls. Corporations with interconnected devices could also use these devices to obtain personal data.
Virtual private network (VPN)
Benefits: It provides seamless access for employees to connect to their company’s IT network for file sharing, checking e-mails, or other tasks.
Security risks: Although VPN is a secure channel between IT devices and the company network, they are vulnerable to network hijacking techniques such as sniffing and unauthorized access from untrusted devices. Malware infested devices can gain entry into the company’s network using VPN and infect other systems.
Benefits: Accessing emails, calendar, and in-house applications have helped businesses improve communication and accessibility. Mobile apps allow senior management to approve work flows and processes. Instant messaging and VoIP applications allow voice, video and instant messaging.
Security risks: Mobile devices can easily be stolen. Even leading intrusion-detection system and anti-virus software would prove useless against an individual accessing company network with a stolen device. Wi-Fi enabled phones are prone to attacks such as Man-in-the-Middle (MITM), and Wi-Fi hacking. Cyber-criminals can infect mobile devices with trojans, malwares or key-loggers using the connected Wi-Fi network.
Robotics and automation
Benefits: The biggest advantage is in the form of shorter manufacturing time coupled with improved quality and reliability. This further reduces production costs, which provides pricing benefits to the manufacturer. Manufacturing automation allows employees to focus on other strategic tasks such as expansion of product capabilities and improving proficiency in supply chain cycle.
Security risks: Some believe that industrial robots and autonomous machines would not be targets of cyber-attacks as they do not contain any sensitive or confidential information. But this is not the case. Robotics and automation work on the basis of embedded systems and sensors, both of which are prone to programming bugs and security vulnerabilities. An attack by ransonware could bring a manufacturing plant or an assembly line to a halt.
When it comes to IT security, the fear of the unknown is a common point of discussion for security officers and chief executives. They want to know the security implications of upgrading their existing technology and adapting new solutions. This fear often leads to delay in implementing and adapting to new solutions. What most companies fail to realize is that legacy systems are often inherently insecure. Older computers on the shop floor are no longer patched and are vulnerable to malwares, viruses and ransomware. Legacy machines and software can give hackers easy access.
The demand for mobile workforce is set to increase but it also exposes the network to potential cyber breaches and attacks. There needs to be a healthy balance between security and productivity. Companies should not shy away from adopting latest technologies but periodic review of security infrastructure is imperative.
Amit Jaju, partner and head of forensic technology, EY India