Firms 'not serious' about IT security

Drew van Vuuren says companies should take IT more seriously. (4Di Privaca)
Cape Town - Security is especially important in the corporate environment as intellectual property is at stake, but companies don't always take effective precautions to protect their IP, an industry insider has said.

Specifically, the growth of Bring Your Own Device (BYOD) has seen an additional risk to corporate networks as managers struggle to cope with security.

According to Drew van Vuuren, CEO of information security and privacy practice 4Di Privaca, companies often leave security as an afterthought, which exposes them to data theft.

He spoke to News24 about the management of IT security, specifically highlighting ideal policies for mobile devices and cloud-based solutions appropriate for the corporate environment.

News24: How have companies responded to the BYOD movement in SA?
Drew van Vuuren: Badly! But it has to be said that it is really specific to verticals. In the financial sector there are far stricter controls on what systems are accessible by the BYOD platforms.

Whereas in other less strict verticals, businesses are allowing almost blanket access on mobile platforms that support the business applications that users would like to access. The main bones of contention question where control is enforced, and whether it’s at the network, application or endpoint.

News24: Would you advise companies to make use of consumer cloud-based solutions for data backup?
Van Vuuren: In short, no. Platforms like Dropbox, Google Drive and SkyDrive are great for storing photographs of your latest camping trip; however, using such platforms for storing critical company data is not advisable.

Although these environments do offer encrypted delivery paths, and profess to encrypt and anonymise the data, there is still the risk of the environments being compromised and your data being stolen.

The above doesn't even take into consideration data compliance mandates that will enforce who has access to the data based on geographic locale of the systems storing it.

News24: Can companies eliminate the "human" factor that leads to security risks?
Van Vuuren: No, that is not at all likely. Humans are the creators, processors, managers and manipulators of data. It is our actions on data that influence its behaviour, and any thought of eliminating the human factor is a non-starter due to the fact that we are the ones in control of the systems that manage the data.

An example would be a database administrator; their role is to ensure that the system is configured correctly to ensure smooth operation for the user. Should they err in their actions when setting permissions for access to the database, they expose the system to compromise.

Vendors have attempted to go some way to eliminating the human factor when it comes to configurations of technologies; however, human input is still required to ensure the systems are deployed and made available for use by other humans.

News24: Based on your experience, what mobile platform is the most secure for corporate applications?
Van Vuuren: Well, that would be the Apple iOS platform. Apple have maintained a stronghold on the source code for iOS and haven't opened it up to the community for manipulation, unlike the open source Android system.

Now some might argue this stifles innovation, ironic when you consider Apple's image as an innovative company, yet, by being so proprietary with the iOS mobile platform they have ensured a level of security that is not enjoyed by Android and the other mobile platforms.

Windows 8 has only recently been released, so there is not yet information on whether the mobile iteration is as secure as iOS.

News24: How do companies retain IT skills that are easily mobile?
Van Vuuren: Pay them more… No, in all seriousness, many IT pros are motivated more by a sense of accomplishment and continuing education.

Empowering individuals to innovate within their own area of expertise, exposing them to further skills development and offering them a sense of job security is what most IT people are looking for when it comes to their roles in an organisation.

Obviously, if they are intent on regular exposure to newer environments and challenges it would be difficult to retain them, but I believe that with the right mix of challenges and independence the folks in your local IT department won't look external for the job satisfaction they crave.

News24: What is the best practice as regards IP in the corporate technology sector?
Van Vuuren: By IP I am assuming you mean Intellectual Property, and not Internet Protocol, as that would mean an entirely different kettle of fish.

Retaining intellectual property is difficult at the best of times, what with the open source movement being so vocal when it comes to access to technology. Good practice would be to provide recognition to sources of IP within your business.

If the IP produced in your environment leads to greater profit for your business, reward and recognition to the innovators of the IP will go a long way to ensuring businesses can retain it.

Of course there is the contract of employment that states that the business retains the rights to the IP when developed while in the employ of that company, but often that restriction is difficult to enforce, so reward and recognise the importance of the IP to your business and it will likely remain within your business.

News24: Spam is not a big problem in SA yet. Are there ideal company practices to limit exposure as more people come online?
Van Vuuren: The best way to limit the impact of spam on an organisation is to ensure correct configuration of systems that handle your mail.

Making use of outsourced e-mail management platforms like, for example, Mimecast or MXLab will go a long way to ensuring that your business is not affected by spam.

The best way to reduce the impact of spam, however, is user education. Train your users to use e-mail responsibly and the impact of spam would be minimal. From an architectural viewpoint, configure web-based systems to not act as a mail relay for unsolicited e-mails.