Friday, June 29, 2018

Information Security

Data is not just critical to business; it is core. It is the essence of a company’s function. Big data is a major part of that flow, and the more customer data that is out there, the more it needs protection.

As big data gathers momentum, incorporating security into planning and processes in the early stages of a project is becoming more important. The big data revolution is just getting started and will present major security challenges if its data management is not carefully planned.

Formerly the exclusive domain of IT, information security has now become the domain of everybody, including content and knowledge managers.

Major retailers and government agencies have suffered data breaches, denials of service and destructive intrusions. Millions of individuals have been affected, and organizations are now forced to devote more resources to prevention and remediation. Everyone in a company, from consumers to CEOs, has become acutely aware of the hazards of failing to protect information.

Every business user and anyone accessing data needs to be aware of it. The advent of the mobile worker and the proliferation of cloud technology have added a new dimension.

People want to run their businesses on a tablet, and they can do that, but information managers need to understand how to do it safely. Much of the data in an enterprise exists only at endpoints, which increasingly are mobile devices.

According to a study by IDC, 75% of the U.S. workforce is mobile, with most of those employees having more than one mobile device. But those devices are at risk: about five to 10% of laptops are lost each year, according to a study from Ponemon Institute, and about one-third of them contain unencrypted sensitive or confidential data. In another study, one in six respondents reported having a mobile device lost, stolen or destroyed. In addition, a lot of intellectual property is stored on mobile devices, and in the event of litigation, the company has to be able to locate it.

Despite the convenience of mobile devices, their use creates well-recognized conflicts with security, especially in the face of increased frequency of BYOD (Bring Your Own Device).

Even when users hold onto their devices, security is far from guaranteed. Data is becoming more dispersed and fragmented. Even when companies do not know where the data is flowing, they still have an obligation to protect it. Information sharing is the norm rather than the exception today, both among employees within an organization and with outside organizations.

Along with mobile devices, the supply chain is a point of vulnerability. Once supply chain information leaves your organization, you don’t know what is being shared and what is being protected. Tracking it is a massive task and has often been managed by departments well outside of IT, such as procurement. It’s not just information about material goods that enters the supply chain; intellectual property associated with the products also goes to third-party suppliers. Information, such as patent data or formulas for pharmaceuticals, is shared with lawyers and accountants.

Analyzing the risks to information in the supply chain can help focus resources on mission-critical data. Companies should work with their vendors to ascertain how they are protecting information, and to consider putting security requirements into the contracts they write with suppliers.

Business and IT should start with a conversation to explain what protection the company has in place and what measures are being taken. Then, the business side can work with IT to develop business cases based on the impact of their operations and illustrate the ROI for protection of their functions. That can help IT by showing the costs of downtime and clarifying what needs to be protected.

Technology can help overcome security problems. For example, an application can provide continuous backup without users knowing that it is running; it can also enforce encryption without the user’s awareness and remotely wipe laptops to clear the data. There are products that focus on encryption and tokenization, to secure the data itself rather than the network environment. Tokenization provides visibility into the flow of data without putting the data at risk.

A new product called Protegrity Avatar for Hortonworks is designed to secure individual data elements while managing and monitoring the data flow in Hortonworks, an enterprise Hadoop data platform.

In most cases, organizations need to deploy more than one security solution, because the threats are many and varied. Most companies use a best-of-breed strategy, picking out the strongest solutions for their needs.

Data security is about data protection, but it is also about continuity and availability. Protecting information with technology is important, but it is not a substitute for information governance within a company.

Achieving the right balance between business needs and information security requires a fundamental shift in attitude. Rather than thinking of data as something a company owns, business owners need to come to terms with the fact that they are custodians of data that needs to flow and be managed.

A legislative proposal announced by the White House in mid-January is designed to increase data security by promoting information sharing, strengthening law enforcement for cyber crimes and requiring that data breaches be reported promptly.

Companies have been concerned about information sharing because of the risk of liability for violating individuals’ privacy. The bill addresses that issue by requiring compliance with privacy guidelines, including removal of unnecessary personal information. The legislation would simplify and standardize the requirements for reporting data breaches. Currently, the laws exist at the state level, but not all states have them, and those that exist are not consistent.

Whether defending their website from intrusions, keeping applications running or protecting data elements, organizations are faced with an increasing number of threats and a complex security environment. Awareness at every level of the extended enterprise will be essential to minimizing the adverse impact of security incidents.

Galaxy Consulting has 18 years of experience in information security and governance. Please call us for a free consultation.

Wednesday, May 16, 2018

Yammer and SharePoint

Enterprise social network vendor Yammer was a large and fast-growing player when Microsoft acquired it in late 2012. Yammer has users in more than 150 countries, and the interface is localized into more than 20 languages.

At its core, Yammer is a micro-blogging service for employees to provide short status updates. Whereas Twitter asks, “What’s happening?” Yammer asks, “What are you working on?”

Over the years, Yammer’s functional services have expanded a bit to include the ability to express praise for co-workers, create polls, share documents and provision smaller discussion groups. In practice, however, some of those supplementary services aren’t as rich or well-integrated into SharePoint as you might find in competing products.

And you can find a lot of competing products: from collaboration suites that offer tightly integrated social networking services to supplemental “social layer” offerings that compete directly with Yammer.

For this reason, it would be good to ask this question: Is Yammer truly the best social layer for your enterprise?

When Microsoft acquired Yammer shortly before releasing SharePoint 2013, the deal sent shock waves through the marketplace. Soon Microsoft started recommending that you hide SharePoint’s native social services and use Yammer instead.

Microsoft now promotes Yammer as a social layer over all your Microsoft systems, especially Office 365. Yammer usage can explode within an enterprise that heretofore offered no micro-blogging services, let alone any enterprise social network. People happily check in and often find new or long-lost colleagues in the first few days and weeks.

Yammer boasts a huge customer community. Customers get access to the quite sizable Yammer Community Network, where licensees share their successes, problems, questions and tips with the community as a whole. A small but growing apps marketplace rounds out the picture of a vibrant ecosystem around Yammer.

Smaller departments use Yammer to stay in touch, but enterprise-wide conversations typically decrease. Usage also drops off when employees struggle to place the service within the regular flow of their daily work. Yammer becomes yet another place you have to go, rather than a service you exploit as part of your regular workflow.

In a mobile environment, Yammer and SharePoint usage entails at least two separate native clients.

Yammer has a key application: social questions and answers. When a user starts to type a question, Yammer uses a real-time search to auto-suggest already asked questions. That is useful and helps to eliminate duplication in content.

However, there are no ratings for answers and the original questioner cannot declare an authoritative answer. Search is not really ideal, so as answers build, they become harder to leverage, especially given the scarcity of curation services. Yammer works less for knowledge management and more for really simple, quick responses to simple questions.

Another key Yammer social application: communities of practice. Groups are either public or private. You might also have separate groups in Exchange and SharePoint (via Delve), as well as Communities in SharePoint.

There is single sign-on to Yammer with Office 365.

Larger enterprises find Yammer better suited as a supplement to formal collaboration and social networking efforts rather than as the center. Its simplistic handling of files and limited search facilities limit Yammer’s ability to serve as much more than a simple micro-blogging service.

If you are looking for pure micro-blogging services to communicate across your enterprise and are not looking for ready-to-use applications tailored for specific goals and processes, Yammer offers an obvious alternative to consider, especially for those whose SharePoint plans rest primarily on the Office 365 edition.

Galaxy Consulting has experience with all versions of SharePoint and with Yammer. Please contact us today for a free consultation.