This article first appeared in the Summer 2017 issue of The Record.
The way we access and share information in business has evolved. Firstly, the bring your own device (BYOD) phenomenon is being embraced by enterprises the world over. According to Gartner vice president David Willis, “BYOD strategies are the most radical change to the economics and the culture of client computing in business in decades.” And with figures from Cisco highlighting that today’s employees carry on average 3.4 devices, its uptake is showing no signs of slowing down.
“Being able to use your own device is an essential part of business today: employees expect it,” says Mike Constantine, chief technology officer at GCI. “I’d go as far as to say that people find it difficult to work for companies that don’t allow it.”
In addition to this, organisations increasingly need to share information with external shareholders, suppliers and customers. According to a recent Baseline report, at least a third of all data will pass through the cloud by 2020.
Get it right, and the benefits are huge. “Not only does an effective BYOD and file sharing policy improve worker access to information, but it also fosters greater collaboration and can significantly boost productivity,” explains Constantine.
But get it wrong, and there can be devastating consequences. “Without the ability to control access to sensitive information, enterprises are putting themselves at huge risk,” Constantine says. “A survey last year by Crowd Research Partners suggested that one fifth of companies have had a mobile data breach at some point in their history. Equally as troubling, just 34% of companies routinely wipe sensitive data from employees’ devices when they leave the company. Given that when changing jobs many employees jump ship to a competitor, it’s a major concern that competitive information could end up in the hands of a rival.”
Constantine says that all businesses the world over should consider the risks they are taking with their current approach. “Many organisations don’t understand that their biggest security threat is often inside their organisation,” he explains. “In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. When you consider this, controlling access to information takes on a renewed importance.”
This importance is compounded by the EU’s impending General Data Protection Act, which is set to come into force in May 2018. After this time, not only will it be a legal requirement for companies to report security breaches, but global companies could face a penalty of up to 4% of annual turnover if a breach occurs.
Constantine is quick to acknowledge that all of this can be confusing for companies, who often don’t know where to start. “That’s why we have a unique position in the market,” he explains. “We take the time to completely understand the way our customers operate and then implement the services that best suit their needs. We take care of everything – from specification, deployment and management through to ongoing maintenance.”
Leveraging the Microsoft Enterprise Mobility and Security (EM+S) suite, GCI promotes an identity-driven approach. “Each user is given a set of rights which limits their access to certain documents, regardless of the device they use,” Constantine explains. “It’s really easy to discover, restrict and monitor privileged identities and their access to resources.”
The solution also protects the company when users make poor choices as they work with critical company data. “If a credit card number is being shared, for example, the solution will automatically classify it as sensitive,” Constantine says.
“The innovative behavioural analytics and anomaly detection are another important feature of the technologies,” Constantine adds. “It will detect different logins made in short succession from different regions, for example. If an employee leaves, they will immediately be prevented from access.”
Constantine says that this solution is always evolving to ensure protection for users both now and in the future. “Analytics are already an inherent part of the Microsoft EM+S offering, and threat detection is becoming more and more intelligent,” he concludes. “This offers real peace of mind for users.”
As collaboration becomes more widespread, and BYOD advances further into an essential aspect of doing business, Constantine is confident that GCI’s approach is the right one. “No enterprise can afford to be left behind,” he concludes.