Ramsés Gallego, international VP of ISACA and security strategist and evangelist at Dell, outlined what he sees as the top three threats facing enterprises.
BYOD (bring your own device) refers to the trend for employees using their own devices for their professional lives, but Gallego warns that this has progressed to encompass so much more. He notes it has become BYOx—with the “x” being a variable for everything an employee brings to the enterprise (apps, talents, ethics, information, skills, etc.).
The danger lies in, for example, the apps stored and utilised on devices that could harbour worms, viruses and other threats waiting to infiltrate and steal corporate data. Further, there is the human element of actually using the device—there is little protection against human error and carelessness. In ISACA’s 2012 IT Risk/Reward Barometer survey, more than 40 per cent of respondents in Europe said BYOD poses a high risk to the enterprise.
The third platform
The three pillars of cloud, mobility and social media make up The Third Platform of an enterprise. He says this nexus of forces is here to stay and creates difficulties because each poses massive challenges and opportunities on its own. The combination makes it difficult for enterprises to protect themselves. Further, there are two elements to this threat—first is the transgression from historical mainframe platforms to a geographically disbursed infrastructure and eventually full migration to cloud computing.
While some may claim the cloud will disperse, Gallego does not agree. He says, “While in the future it may change its name to some other moniker, I don’t believe the cloud will evaporate. Let’s face it—too much has been invested in the pillars that support the cloud.” The other element to this threat is the social enterprise. Gallego envisions more organisations creating, engaging with and nurturing their own communities akin to Facebook and LinkedIn—a great opportunity, but one that must be carefully managed.
Perhaps the ultimate threat facing organizations is the lack of the right people with the right skills for this new arena. Technology is moving at warp speed, with organisations adopting and updating their systems just as quickly, yet enterprises are not keeping pace with training and education.