As security practitioners we're always looking for ways to secure the enterprise and all of the assets within. Many times, we focus inward when analyzing anything that may influence the security stance of the enterprise. But what happens when external, global influences impact your enterprise and all those you do business with? This is exactly what many security professionals are going to be looking at, if they aren't already.
Economic conditions are shaky across many parts of the globe. What's more, energy costs are skyrocketing and forcing enterprises to change how they approach profit making. As with any significant shift in business processes, security professionals are going to have to solve a multitude of new issues.
Let's take the gas crunch for instance.
The cost of fuel has many employees screaming for telework programs. The enterprise risks losing key talent simply because they can't affordably make the commute nor can they afford to live closer to the office. This, of course, means that the enterprise will be heavily leveraging current VPN deployments or implementing more robust solutions in order to handle the load.
VPNs will be called upon to pass more than simple web front ends and file shares. They will be called upon instead to extend all enterprise tools and systems down to an endpoint, including telco services. VoIP services from companies such as Avaya only require an Internet pipe, a head set and a mapped extension for end users to use their office phones anywhere Internet access can be found.
From a security standpoint, this poses a long list of questions, which means that you're going to have to assemble key personnel from all areas of the enterprise to find answers. As the business extends these services to employees and customers alike, a heavy reliance on the VPN will mean that you better have your business continuity planning (BCP) and disaster recovery plan (DRP) experts at the table.
Don't forget the lawyers who will need to answer liability questions when the workplace spreads to areas outside the walls of your enterprise. This sounds simple conceptually but is still one heck of a task. Just ask the folks from the Department of Homeland Security and you'll quickly realize that there are tons of things that need fleshing out.
That said, you should already have a framework in place for some of the issues stated above. But you're also going to have to make adjustments in order to support a mission critical remote access programs and any other significant shifts in the business process.
With airlines raising rates weekly, it seems, the profit margins for road warriors are going to be thin, if not in the red. In order to reduce costs, expect management to ask for video conferencing capabilities to facilitate meetings. Why spend $10,000 to send out a group of employees to an off-site location when you can assemble everyone via video conferencing for a fraction of the cost?
Also expect vendors to leverage Web demos instead face-to-face pitches. A non-issue in the past, enterprises today may find it hard to absorb the steep costs associated with travel today. The sad news here is that you won't be treated to as many of those free vendor lunches in the near future. However, employment isn't such a bad perk right about now.
As with all change, the C suite is going to ask about costs. Deploying a telework program costs money and so do the supporting technologies. While the classic VPN model is certainly a good option, it can also be very expensive. The C suite may not be willing or able to sink a large capital investment into this program while still keeping the lights turned on.
Bleeding-edge enterprises are in the same boat as the rest of us, only they aren't looking to deploy VPN solutions. In fact, current global conditions are forcing interesting options to the table.
One such solution is cloud computing, also referred to as "the Google model". One large unnamed company recently introduced a pilot program that leveraged cloud computing. All of the company's crown jewels were heavily protected and hosted by a managed service provider. Employees were given a set amount of money ($1,000) to purchase any device they like in order to perform their responsibilities.
This model removed a significant amount of overhead that would have been otherwise spent on managing endpoints and data, and also the cost of keeping high salary IT positions in-house. The cloud model along with SaaS provided a natural telework environment as users and business partners alike were able to work and collaborate from anywhere.
Did the pilot work?
In the first 6 months, the company saved 9 million dollars. Without revealing the identity, it is one that everyone on the planet has heard of.
If you haven't seen global economics influence change in your organization yet, you can bet that you will very soon. Given this, it is wise to start thinking about new approaches or re-engineering existing ones in order to save money, retain key talent and survive the rough road ahead.
No one can be certain which approaches will fare the best, but one thing is certain, you will be very busy securing the enterprise during these drastically changes.