Subscribe

Managing organisational risk

For tools or technology to be valuable, they must improve profit, reduce loss or improve the risk against loss, and maintain organisational stability, says Kevin Halkerd, senior security specialist at J2 Software.


Johannesburg, 02 Sep 2015

Organisational risk can be reduced to two base constituents: loss or diminished profit, and loss of stability. Similarly, for any tool or technology to be valuable, it must do two of three things - improve profit, reduce loss or improve the risk against loss, and maintain organisational stasis and stability.

So says Kevin Halkerd, senior security specialist at J2 Software. "Companies who are not on the map in terms of using tools that accomplish that, are already handicapped."

At the same time, the adoption of new technologies, and the management thereof, will add to risk. He cites the example of BYOD, where, in an effort to remove the end-user computing environment cost, users were introduced to bringing their own devices, or in some industries, choosing their own devices.

"Trends like BYOD will always bring more risk. Even with the latest security apps and devices, your company data and app access may be safe, but these things aren't easily managed on employees' devices. Any particular technology landscape requires a long-term business commitment. Businesses can be influenced by a slick mobile device marketing campaign driving the latest Android or iOS device, for example, and these devices change every year. This is what is happening now; companies are going for the latest and greatest, and sensitive data can be lost when businesses don't keep with up the BYOD trend rationally."

He says there are solutions available to secure BYOD, but these introduce yet another risk, that of price. "These solutions require either dedicated personnel or management platforms and software. The reality is, IT administrators are too busy with their daily tasks, and don't have the time to devote to the continuous management of BYOD. You will require additional heads or tools; most likely both."

In addition, Halkerd says the cost to the business may be impacted a lot more than anticipated because of the adoption of additional technologies. "This compounds with the next risk, that of complexity. A company starts a BYOD project to make the company more efficient, then is faced with all the additional people, gizmos and black boxes needed to make it happen."

He says although there are exceptions, these are more often than not outliers. "BYOD is a nightmare proposition for most SMEs seeking maturity. It's a minefield fraught with many nasty surprises and many, many losses of private and sensitive data. There are ways to mitigate these risks. Firstly, clear objectives and milestones in pathfinder projects. Next, pick a familiar spearhead technology and set achievable goals."

He advises to start with a BYOD trial, offering a selected range of devices for users to choose from. "Are you a Windows end-user computing environment? Try a Windows tablet. Make sure it is monitored. Use a tool like SystemSkan or device level productivity assessments to learn how users interact with technology."

Once you have done this, make an informed decision. "SystemSkan's ability to discern active and passive work times of user tasks makes it a wonderful performance benchmark reference tool for new technology adoption in end-user computing environments. Sometimes users just won't be effective or efficient with the latest tablet, and sometimes there will be a select super user group that will."

According to Halkerd, knowing how to tailor the solution to your organisation and not how to fit your organisation to a technology choice is the key to maintaining organisational stability while still advancing technology and engaging users in their choice and need.

"Cement the informed decision in standards and policies with clear-cut requirements and goals," he says. "Use tools like SystemSkan to establish a programme of continuous risk and performance monitoring and improvement to drive profit, manage and reduce monetary and information loss through effective reporting and business enabling. Demonstrate and regularly test controls to assess efficacy."

Share

J2 Software

With global markets in a state of constant flux and companies looking for innovative ways to ensure their survival, more companies are resorting to protecting their market share and optimising their internal resources at all costs. J2 Software has been at the forefront of assisting companies in achieving these goals by providing effective and easy-to-manage data security and policy enforcement solutions.

J2 Software provides solutions and services that allow its customers to leverage technology to reduce risk, improve compliance, cut costs and keep control. The company offers its clients complete peace of mind through the cost-effective delivery of world-beating policy enforcement and compliance solutions, communication cost allocation, data security, encryption and PC protection tools and services.

The company has implemented solutions in South Africa, Angola, Botswana, Kenya, Malawi, Mauritius, Mozambique, Tanzania, Uganda and Zambia.

J2 Software represents SystemSkan, Mimecast, Zscaler, SentryBay, Aspivia, Secude, Avira and Flickswitch.

Editorial contacts