Wednesday, May 23, 2012

Cloud Storage, Mobile Devices & Information Risk

Two interesting articles touch on risk considerations and response strategies for organizations grappling with the increasing mobility of people and information.

"Not just a paper trail" -- Describes how two large Australian firms are approaching these issues:
  • "A document management system needs to balance the competing interests of ensuring lawyers can access and retrieve documents easily with the need for certain information to remain off limits to certain groups of people."
  • "Corrs Chambers Westgarth is one firm that is looking to use modern technology to reduce the reliance of its lawyers on paper. Late last year, Corrs rolled out an iPad app which allows lawyers to organise, transport and review thousands of documents outside the office."
  • "An important part of protecting the security of online documents at Corrs has been to eliminate the risk of documents getting lost in the cloud. To ensure this, Corrs has in place security measures to stop documents being stored in the cloud in the first place. 'Absolutely no documents kept by the firm are stored on the cloud,' says Borskjaer."
  • "A novel approach to the security risk posed by the cloud has been taken by Clayton Utz. It has developed an internal cloud as part of a “whole-of-firm” approach to document management."
On a related thematic note, "IBM stung by BYOD pitfalls," explores the risk and management challenges that come with letting users "bring their own devices" like iPads and iPhones, and the associated apps that enable "smooth" information sharing:
  • "IBM soon realized that it had no grasp of which apps and services employees were using on their personal devices and set forth guidelines of proper use. It banned, for example, the use of such popular services as Dropbox cloud-based storage. The well-justified fear was that employees would put IBM-sensitive information in their personal Dropbox accounts and forward internal email to public Web mail services, or use their smartphones as mobile Wi-Fi hotspots."
  • "...before IBM will allow an employee to access its networks with his or her device, it must make adjustments."
For more background on IBM's BYOD policies and practices, see also this article.

No comments:

Post a Comment