Boundaryless companies and their security problems
In this fast-moving digital world, companies are becoming boundaryless. Due to the Internet, the world is smaller, giving businesses the ability to reach further. Smart devices and cloud-based resources have changed the way we see and share information. Gone are the days of surrounding employees with four walls, a filing cabinet, and a desktop computer.
The boundaryless company is a term first coined by General Electric CEO Jack Welch in the 1990s to describe his vision of breaking down the physical and hierarchical barriers to promote continuity, teamwork and great ideas to spread within the company regardless of where a GE office was located.
Twenty-seven years after Welch’s prediction, his vision of a boundaryless company is standard operating procedure worldwide.
Walls no longer bind companies. Businesses are on the road, at home, even in your pocket, available 24/7 via a smart device. Employees are more connected to their workplace than ever before, and can seamlessly work together regardless of whether their offices are separated by a wall, a city, or the Atlantic Ocean.
Despite the obvious perks of becoming more digital, streamlined and connected in spite of location, the downside to having a boundaryless company is the security breaches and potential data leaks that come along with it.
Hey, nothing’s perfect.
Many IT infrastructures – email servers, websites, CRM services, applications, etc. – are cloud-based, thus accessed by employees, former employees, partners, and clients, meaning huge risks of security breaches and data leaks. These risks are a very real threat to your business’ future success; so embracing ways to protect assets, data, and resources should be part of any modern company’s culture.
Critical data and property are no longer safely tucked away in the office, but floating seamlessly between departments, homes, computers, tablets, and other smart devices, instantly accessible to customers, employees, ex-employees, or to anyone who picks up a work phone left in a taxi.
In fact, your valuable company data is not in your control at all, it’s in the hands of many people all at once, and if they aren’t savvy about cybersecurity, this leaves your valuable data in the hands of the wrong people.
Cybersecurity is more important than ever, with internal attacks and data breaches happening all over the world on a daily basis. There are 122,000+ cyber attacks a week, companies can’t afford to be relaxed about their security anymore.
The nature of boundaryless companies means sharing resources or platforms with other businesses, and accessing those resources from outside of the company. If you’re a small or medium-sized business, the public cloud gives you roaming flexibility while allowing you to spread costs across a number of users, meaning multiple customers are sharing the same resources: storage, CPU, memory, etc.
As you can imagine, vulnerabilities have arisen as a result of this multi-tenanted environment because intellectual data is not contained within your own systems. Private data and secrets could accidentally leak to other tenants.
If your company hasn’t suffered from a breach already, don’t presume it won’t happen. It’s almost not a matter of if, but when.
You don’t need to put data and infrastructure back into a building to control it, but you do need to embrace and understand cyber security and how to keep your company safe from internal and external attacks.
Bruce Schneier, an authority in the security industry, wrote that “security … it’s a combination of people, process, and technology“, based on that thought, we are listing some universal best practices for companies to follow:
Control who has access to what and when.
There’s a fine line between heavily controlling your data and allowing your employees the freedom to do their jobs well. They need access to data in the office, on the road and at home, but you must put in place a system that ensures the information is secure.
Monitor and audit access.
Without monitoring, there is no security or integrity of your intellectual property. It enables personal accountability and tracking of security breaches.
Control and manage keys and credentials.
Passwords and keys should be securely stored in a centralized system. They should be changed every few months and never reused. Passwords should contain upper and lower case, symbols and numbers. Changing passwords is especially important when employees move on because an employee with a grudge can be dangerous.
Remember, often the biggest threats come from within a company.
Staff should be aware of your company’s cybersecurity practices and be implementing them in their daily work life. Managers and CEOs need to lead by example with their security habits, to show employees that the company takes security seriously.
In addition to security systems already in place, such as firewalls, encrypted communication systems, VPNs, etc. You’ll need a robust system to manage privileged accounts and credentials of your organization. Prevent security breaches by using a solution that combines people, process, and technology to tackle the core problem of cyberattacks.