Now more than ever before, businesses need to offer exciting opportunities to boost employee productivity, creativity, and engagement, but these cannot come at the expense of security, writes BRENDAN MCARAVEY, Country Manager at Citrix South Africa.
The future of work very much revolves around the future of security. New ways of working offer exciting opportunities to boost employee productivity, creativity, and engagement, but they can’t come at the expense of security. The workforce in today’s businesses is predominantly young, and according to a Citrix-commissioned study carried out by Opinium in 2016, younger people aged 18 – 34 are more willing to store private data on their computers when compared to their older counterparts.
Led by this younger generation in the workspace, the practices that are already shaping the future of work, like BYOD, unprecedented mobility, any-network access and employee-centric experiences, have the potential to increase risk for data, applications and networks. The attack surface has never been so broad or so inviting, and threats have never been more sophisticated. At a time when data is both more valuable and more vulnerable than ever, how will we secure the future of work? As a guiding principle, we can’t rely on add-on security technologies and teams operating in silos.
Security must be woven throughout both the IT architecture and the organisation to ensure that no matter how or where people work, the organisation is protected. At the same time, the measures we rely on can’t be allowed to impair the user’s experience or productivity. Today’s workforce won’t accept arbitrary restrictions or barriers; the same creative spirit that fuels innovation will also lead them to seek consumer-market workarounds.
The key is to make cybersecurity everyone’s business. When employees are fully bought in to security, when they understand its importance and relevance and are empowered to support it without sacrificing their own work, your security team becomes truly organization-wide.
To that end, here are six security best practices for the future of work.
1. Educate users: User education has been a tenet of cybersecurity since the early days. But that makes it all the more important to reinforce its importance, so that we never overlook it or take it for granted. As people gain the freedom to work anywhere, on any device, knowing how to do so safely must be a top priority. In the employee-centric modern workplace, it’s also important to consider how this education takes place. It’s not enough simply to recite lists of rules and protocols.
2. Engage with lines of business: Security doesn’t happen in a vacuum. The most effective policies are grounded in a firm knowledge of operational processes. Regular meetings with business decision-makers help employees understand the implications of new initiatives. They also give crucial perspective on the tools, workflows and practices that help drive value, helping design measures that maintain protection and control without getting in the way of business.
4. Modernize and mobilize your security policies: Mobility increasingly defines IT, in terms of both the mobile devices people use and the constant movement of people, devices and data from one place to another. Ensure security policies reflect the real world, not some antiseptic, locked-down cybersecurity dream (and employee nightmare). Create clear rules and guidelines to help employees stay safe without losing the freedom and flexibility they’ve come to rely on. Specify convenient yet secure alternatives to consumer-grade technologies.
5. Enforce policies fairly and consistently: Inconsistent enforcement can doom even the best security policy—and can undermine the credibility of any subsequent policy. When security becomes part of the culture, the whole organisation becomes safer for the long term no matter what the future brings.
6. Make it seamless—and automatic: The less you have to rely on human intervention, the more reliable security becomes. This can include everything from conditional access controls that show employees only the apps they’re authorised to use in a given scenario, to business data encryption by default on mobile devices. Open-in controls can prevent email attachments from opening in non-corporate apps. Micro-VPN can ensure security over public Wi-Fi. Automated logging and reporting can facilitate compliance and audit readiness.
There are many opportunities to make security more seamless and transparent for users, and simpler and more efficient for IT to maintain. As the scale and complexity of the enterprise environment continue to grow, steps like these will be critical to stay one step ahead. The future of work gets a lot of buzz these days, and rightly so: it gets more exciting by the day. With these best practices, you can make sure it’s also growing more secure by the day.
Legion gets a pro makeover
Lenovo’s latest Legion gaming laptop, the Y530, pulls out all the stops to deliver a sleek-looking computer at a lower price point, writes BRYAN TURNER.
Gaming laptops have become synonymous with thick bodies, loud fans, and rainbow lights. Lenovo’s latest gaming laptop is here to change that.
The unit we reviewed housed an Intel Core i7-8750H, with an Nvidia GeForce GTX 1060 GPU. It featured dual storage, one bay fitted with a Samsung 256GB NVMe SSD and the other with a 1TB HDD.
The latest addition to the Legion lineup has become far more professional-looking, compared to the previous generation Y520. This trend is becoming more prevalent in the gaming laptop market and appeals to those who want to use a single device for work and play. Instead of sporting flashy colours, Lenovo has opted for an all-black computer body and a monochromatic, white light scheme.
The laptop features an all-metal body with sharp edges and comes in at just under 24mm thick. Lenovo opted to make the Y530’s screen lid a little shorter than the bottom half of the laptop, which allowed for more goodies to be packed in the unit while still keeping it thin. The lid of the laptop features Legion branding that’s subtly engraved in the metal and aligned to the side. It also features a white light in the O of Legion that glows when the computer is in use.
The extra bit of the laptop body facilitates better cooling. Lenovo has upgraded its Legion fan system from the previous generation. Its passive cooling, a type of cooling that relies on the body’s build instead of the fans, handles regular office use without starting up the fans. A gaming laptop with good passive cooling is rare to find and Lenovo has shown that it can be achieved with a good build.
The internal fans start when gaming, as one would expect. They are about as loud as other gaming laptops, but this won’t be a problem for gamers who use headsets.
Serious about security? Time to talk ISO 20000
By EDWARD CARBUTT, executive director at Marval Africa
The looming Protection of Personal Information (PoPI) Act in South Africa and the introduction of the General Data Protection Regulation (GDPR) in the European Union (EU) have brought information security to the fore for many organisations. This, in addition to the ISO 27001 standard that needs to be adhered to in order to assist the protection of information, has caused organisations to scramble to ensure their information security measures are in line with regulatory requirements.
However, few businesses know or realise that if they are already ISO 20000 certified and follow the Information Technology Infrastructure Library’s (ITIL) best practices, they are effectively positioning themselves with other regulatory standards such as ISO 27001. In doing so, organisations are able to decrease the effort and time taken to adhere to the policies of this security standard.
ISO 20000, ITSM and ITIL – Where does ISO 27001 fit in?
ISO 20000 is the international standard for IT service management (ITSM) and reflects a business’s ability to adhere to best practice guidelines contained within the ITIL frameworks.
ISO 20000 is process-based and tackles many of the same topics as ISO 27001, such as incident management, problem management, change control and risk management. It’s therefore clear that if security forms part of ITSM’s outcomes, it should already be taken care of… So, why aren’t more businesses looking towards ISO 20000 to assist them in becoming ISO 27001 compliant?
The link to information security compliance
Information security management is a process that runs across the ITIL service life cycle interacting with all other processes in the framework. It is one of the key aspects of the ‘warranty of the service’, managed within the Service Level Agreement (SLA). The focus is ensuring that the quality of services produces the desired business value.
So, how are these standards different?
Even though ISO 20000 and ISO 27001 have many similarities and elements in common, there are still many differences. Organisations should take cognisance of the fact that ISO 20000 considers risk as one of the building elements of ITSM, but the standard is still service-based. Conversely, ISO 27001 is completely risk management-based and has risk management at its foundation, whereas ISO 20000 encompasses much more.
Why ISO 20000?
Organisations should ask themselves how they will derive value from ISO 20000. In short, the ISO 20000 certification gives ITIL ‘teeth’. ITIL is not prescriptive, and it is difficult to maintain momentum without adequate governance controls – ISO 20000, however, is prescriptive. ITIL does not insist on continual service improvement – ISO 20000 does. In addition, ITIL does not insist on evidence to prove quality and progress – ISO 20000 does. ITIL is not being demanded by business – governance controls, auditability and agility are. This certification verifies an organisation’s ability to deliver ITSM within ITIL standards.
Ensuring ISO 20000 compliance provides peace of mind and shortens the journey to achieving other certifications, such as ISO 27001 compliance.