IT Security

On Guard: A more complex IT landscape makes info security paramount

The world of information technology is becoming so specialized today that a company’s need for expert IT support can be as critical as the need for a good CFO. This need is especially urgent in middle market firms whose technical bench strength and financial resources may not be as great as those of larger companies.

The onslaught of new products known as SaaS (Software as a Service), many of which are available on the “cloud,” is appealing because these products are highly customizable and can simplify functions like customer relationship management (CRM). Executives must decide how new products are evaluated and integrated into their existing systems – and who should be responsible for these decisions. They must also keep abreast of emerging tech issues. Throughout, security must be the driving consideration.

“The challenge is integrating those solutions with all your other systems – in the cloud and in-house,” says Bob Breitman, president of IT That Works in Bingham Farms, Mich. “It’s not just making them talk to each other, but making them talk securely.” Breitman notes that most breaches and data thefts are internal. He says the key is to have someone on staff who performs regular breach testing and security audits. “Don’t assume that just because you don’t know if someone has been in your system that no one has been there.”

Putting business operations on the cloud is sometimes perceived as less costly, but the total cost of ownership of a cloud-based IT function over three to five years can be similar to that of an internal department. A cloud solution, however, often provides more security, reliability, and flexibility. “A 75-user company might be running on a single server with one data connection coming in, one power source, and probably a dozen single points of failure that you wouldn’t have in a cloud environment,” says Breitman. “Most cloud set-ups are more robust than what you have on premises.”

Another advantage of doing IT in the cloud is the ability to eliminate the costly and time-consuming technology refresh cycle. Instead of buying licenses, installing new software and operating systems, and replacing servers every three to five years, a company can receive its cloud-based support directly from the vendor. “Instead of being a capital expense, the cloud is an operational expense,” Breitman says.

“Availability of capital may be tight, or if you can get it, it’s needed for something besides IT. This is an opportunity to shift that expense to a monthly, predictable item and spread it out. With the cloud you often pay only for what you use.”

The proliferation of hardware has led many companies to embrace the concept of BYOD, or “Bring Your Own Device,” a cost-saving strategy that lets employees use their personal devices for company business. A related reality, COPE, or “Company Owned, Personally Enabled,” allows personal use of company property. Regardless of who owns them, the fact remains that more than 8,000 phones, laptops, and tablets – and all the information on them – were left at U.S. airports in 2012.

“What happens if my device has the company’s proprietary information on it?” says Breitman. “With Mobile Device Management, the capability exists to remotely wipe devices, track them, and move features on and off. But what happens if that device is the person’s personal property or a company device with personal data on it? What rights do I have to eliminate things or turn things off?”

Breitman says companies should have a mobile device policy, but the issues are just emerging so it’s unclear what such a policy should say. “The marketplace will determine the rules,” he says, “but at this point most of them haven’t been tested in the courts. It’s fertile ground for argument and litigation.”

Because IT options are getting more complex, having a knowledgeable person to make the correct decisions is a must. “Lately I’ve seen a lot of technology being acquired by the CMO, bypassing IT. On the other hand, many technical people do not understand business,” Breitman says. “Every CIO ought to attend a mandatory class on how to read financial statements. Leaders must define the company’s objectives and get a well-educated integrator or CIO that can create an infrastructure that meets those business needs. Then you can choose which IT architecture makes the most sense.”
