Posts tagged authentication
Will APIs Be the Great Enabler of BYOD?

I recently contributed an article to CCI Magazine. Please take a look and share your thoughts!

It’s the stuff of Chief Security Officers’ (CSOs) nightmares. An employee has lost their mobile device on public transportation, or perhaps it has been stolen. When this happens, CSOs are concerned that the device contains corporate data with the potential for exploitation by a non-authorised user. This scenario is a hot topic in any discussion related to Bring Your Own Device (BYOD).

Information Ooze?

By John Thielens, CSO, Axway

“By 2016,” writes Gartner in a November 2011 research note, “20 percent of CIOs in regulated industries will lose their jobs for failing to implement the discipline of information governance successfully.”

Whenever the concept of information governance arises, a single word immediately pops into my mind: Leak.

Initially, the type of leak the enterprise focused on was a network-level leak — that gaping hole in the side of the enterprise’s hull that was fixed by tightening up the network, installing firewalls, and making everything less susceptible to attack.

Later, the enterprise focused on a type of leak that involved an unauthorized disclosure of information, often due to inappropriate controls at the enterprise boundary, a bad information-classification strategy, or no information-classification strategy. This type of leak demanded policy infrastructure — a system that determined who was allowed to move what kind of information across which boundaries.

Today, the leak the enterprise focuses on is less active and more accidental. Think of it as information “ooze,” a consequence of data-management technologies allowing consumer information to be leaked via Bring Your Own Device (BYOD) and Bring Your Own Application (BYOA) vectors.

An appropriate information governance infrastructure will defend against the first two types of leaks, but addressing the third type of leak — the “ooze” type — isn’t so straightforward. How do you prevent the disclosure of information from a particular data set when A) you didn’t create that information (your consumers did) and B) the information resides on an unauthorized device and/or an unauthorized application of your users’ choice? How do you keep information within the enterprise so that an audit trail is actually possible?

The one out of five CIOs who will lose their job by 2016 will have successfully shunned years of warnings about the importance of information governance, but the four out of five CIOs who won’t lose their jobs will answer the questions above by implementing the right policies. They will provide their users with secure access to the enterprise’s data, and they’ll provide themselves with the ability to track that data.

Let’s strive for a 2016 where Gartner’s prediction proves inaccurate, where only the smallest minority of CIOs fail to implement the discipline of information governance, and where the word that immediately pops into mind when the concept of information governance arises isn’t “leak,” but “airtight.”