Just came across this interesting article in Network World by Kurt Johnson - Control Collaboration, don't inhibit it. No doubt concerns from Web2.0 and social media security risks also weighed in...
The article argues about best practices and has some good suggestions - however, I feel that the core challenge was not fully addressed. How do we really let data go free, but control it?
There are technology solutions (perimeter security, anti-malware, access control), process solutions (compliance - the challenge of managers now becoming compliance police? I doubt whether they would want to take on that responsibility) and people solutions.
The one aspect not touched upon explicitly is the data-centric perspective on meeting these challenges. I am a firm believer in de-perimeterization and think that we have to get to more granular controls at the data level with policies around encryption, access control and retention to effectively deal with these challenges.
The article argues about best practices and has some good suggestions - however, I feel that the core challenge was not fully addressed. How do we really let data go free, but control it?
There are technology solutions (perimeter security, anti-malware, access control), process solutions (compliance - the challenge of managers now becoming compliance police? I doubt whether they would want to take on that responsibility) and people solutions.
The one aspect not touched upon explicitly is the data-centric perspective on meeting these challenges. I am a firm believer in de-perimeterization and think that we have to get to more granular controls at the data level with policies around encryption, access control and retention to effectively deal with these challenges.
