As the mobility wave continues to grow, organizations need to prepare for changing security implications
If anyone ever doubted the gravity of inadequate security measures that leave corporate data vulnerable to attack, consider the recent collapse of CodeSpaces.com, a code-hosting and project management service provider.
A report published in ComputerWorld and other sources stated that the company failed within a single day when its customer data was eradicated over a 12-hour span. According to the report, the devastating security breach “initially started with a distributed denial-of-service attack followed by an attempt to extort money from the company.”
CodeSpaces “failed on the basics,” according to Dmitriy Ayrapetov, director of product management at Dell SonicWall, a company that provides network security and data protection solutions. At a recent Gartner, Inc. Security and Risk Management Summit, Ayrapetov noted that not only did the attackers have the ability to get inside CodeSpaces’s network, but once inside, they could access anything and everything they wanted, wantonly destroying critical customer data – including vital backups – and forcing the company out of business.
Such a scenario is what keeps IT security specialists awake at night. And with the increasing adoption of a more mobile, more social workforce, a lost smartphone, an unprotected laptop, or a misplaced thumb drive could be just the beginning of a digital disaster in today’s data-driven workplace. As a result, traditional security models and strategies are simply no longer enough to keep marauding cyber intruders out.
“Employee digital literacy has led to a growing consumerization movement within most enterprises, with employees using a wide variety of consumer-oriented apps for business purposes,” says Tom Scholtz, vice president and Gartner Fellow. “As organizations shift toward a more digital workplace, long-held approaches to security need to be re-examined.”
This brave new world of the digital mobile workplace is open to increasingly sophisticated threats. Coupled with the sheer number of devices, all coming from various sources and carrying apps of varying security pedigrees, this environment is making traditional methods that focus solely on prevention (such as passwords, anti-malware, encryption and continuous patching) increasingly ineffective.
New and Different RisksWhile the need for preventive controls will never go away (in other words, don’t leave home without having your smartphone password protected), in the context of the larger digital work environment, security goes deeper and broader. This means network security that relies not on a single line of defense – and counting on it never to fail – but more on detection and reaction controls. If these fail, they are designed to fail “intelligently,” isolating the attack and stopping intruders from drilling deeper into the infrastructure.
In a trend that reflects the business travel industry’s current move toward open booking and traveler empowerment, Gartner is also predicting that – in tandem with more robust and sophisticated threat deterrents – IT security will rely increasingly on personal responsibility among employees. By 2018, according to Gartner research, 25 percent of large organizations are going to be deploying strategies explicitly designed to make their corporate computing environments similar to a consumer computing experience.
“The digital workplace implies new and different security risks,” says Scholtz. By its nature, the new business model of the digital workplace means that users will be given more freedom in how they use technology and information. This in turn implies a higher level of trust in those employees to use the enterprise’s information resources responsibly and securely.
“Implementation of a digital workplace exacerbates the IT department’s loss of control over endpoint devices, servers, the network and applications,” Scholtz notes. The result of “a fully consumerized workplace,” he says, “necessitates a shift toward a more information-focused security strategy.”
So Scholtz advises security leaders that, in addition to developing employee education that focuses on appropriate behavior and measurable results, they should learn to “collaborate with personnel and line-of-business managers to modify job descriptions and reward mechanisms so that they are aligned with desired security performance.”
SHORT SUBJECTSCvent Rolls Out New Interface, Partners with MarketoEnterprise event management solutions provider Cvent and Marketo, a marketing software provider, have partnered to integrate Cvent’s event management platform with the Marketo customer engagement platform. The integration allows Marketo customers an opportunity to leverage event attendee information to enhance customer profile data and deliver more targeted and relevant engagement to prospects and customers.
The Cvent/Marketo integration is available through the Marketo LaunchPoint ecosystem.
Cvent has also unveiled a redesigned user interface for its event management platform. The Blue Release provides streamlined navigation and an enhanced workflow for building and managing events. The Blue Release will be made available to all Cvent users in the third quarter of 2014.
Study Finds Online Corporate Bookings Trending MobileMobile bookings are set to climb steeply over the next decade and will influence not only the entire traveler experience but will shift how travel managers control their travel programs, according to a new study by Carlson Wagonlit Travel. The report, entitled Tap into Mobile: Managed Travel in the Digital Economy, finds that both travelers and travel managers expect mobile booking to increase significantly, reaching 25 percent of online transactions by 2017.
CWT’s research predicts that mobile bookings will more than double in the next two years. The study finds that it took up to eight years for online booking tools to reach the same level of activity that mobile is expected to achieve in the next three years.
The report underscores the high expectations that both travelers and travel managers have for mobile travel services and their awareness of the advantages and benefits it will bring. Mobile is not expected to significantly drive down travel costs, according to both travelers and travel managers; instead ease of doing business, productivity and traveler wellbeing all rank higher as key benefits of mobile.
Sabre Launches Virtual Payments for AirSabre Corporation and its payment services partner Conferma have introduced Sabre Virtual Payments for air travel. Sabre Virtual Payments for Air is a streamlined form of payment that allows customers to deploy virtual credit card numbers from a preferred partner bank or credit card at the point of sale. As the initial launch partner of Sabre Virtual Payments for Air with Sabre and Conferma, U.S. Bank is the first to add air travel capability to its Travel VirtualPay solution.
For travel buyers, the new process will increase productivity and security through a streamlined, automated solution that assigns a unique virtual credit card number to each travel segment. In addition, corporations will be able to control the exact dollar amount of any single transaction and ensure that only airlines are able to bill to these accounts, enhancing fraud protection and increasing travel policy compliance.
“The addition of virtual card numbers for air is great news for our card program customers who already enjoy the option of VCNs for hotel bookings,” said U.S. Bank travel product manager Mary Miklethun. “This makes U.S. Bank Travel VirtualPay even more valuable in allowing clients to capture and manage every travel dollar they spend.”
Sabre has also launched TripCase Follower, the first travel itinerary app to give travel arrangers anywhere-access to the details of their travelers’ trips including the latest itinerary updates. This allows travel arrangers and others to review last-minute changes, accommodate for flight disruptions, and ensure hotel and ground transportation are reserved.
Parking Robot Ray Bows at DüsseldorfDüsseldorf Airport has become the world’s first airport to employ an intelligent robot parking system for vehicle drop off and pick up. Travelers can leave their cars near the airport terminal and the new parking robot named Ray handles parking cars for them.
Passengers can reserve an individual parking spot before their trip via an online booking system (parken.dus.com) and download the app when using the system for the first time (available for OS and Android). Once at the airport, customers drive to the arrival level and the special parking area and leave their car in one of the six transfer boxes. The subsequent parking is conveniently done by robot Ray, which measures the vehicle and carefully parks it in a rear part of the building.
Ray is connected to the airport’s flight data system, and knows when the customer will come for the vehicle. The vehicle is then deposited in one of the transfer boxes. If the technology proves popular, DUS will consider expanding the system, since it is easy to integrate into existing parking structures.
Hilton Enables Room Selection Via Mobile and Web
Hilton Worldwide is introducing a new feature that allows Hilton HHonors members to use their accounts to check-in and choose their exact room from digital floor plans, as well as purchase upgrades and make special requests, on their mobile devices, tablets and computers.
Once a room is booked, at 6:00 AM the preceding day, guests can use their mobile device to check-in and choose their preferred room. Once they arrive at the property, guests simply pick up their room key from the front desk. Guests also will be able to check-out using these personal technology devices with their bills automatically sent to their e-mail address.
By the end of 2014, digital check-in and room selection will be available at more than 4,000 Hilton Worldwide properties globally. Next year, the company will begin to equip its hotel rooms with the technology for doors to be unlocked with guests’ smartphones.