Data is an asset which holds tremendous value to an organisation. Consequently, just like other valuable assets, it needs to be suitably protected. Otherwise, the impact of a security incident may result in downtime or business disruption, financial losses, as well as other intangible damages to an organisation’s brand name and reputation.
Data-related security incidents may occur to both individuals (such as the iCloud leaks of compromising celebrity photos) and organisations alike (like the Malindo Air customer data leak). For those two cases, however, investigations have shown that they were not caused by security vulnerabilities within Apple’s iCloud infrastructure, Malindo’s data infrastructure or that of its cloud provider, AWS.
Organisations spend millions on securing and protecting their data, so why are such security incidents still occurring regularly? According to investigations, the iCloud leaks were a direct result of weak passwords and password reuse, while Malindo Air became a victim of malicious insider threats, in the form of two former employees.
Does your organisation have the necessary security policies to protect your data? Today’s workspaces allow employees to use multiple devices, from company-issued notebooks and BYOD, such as phones or other devices.
Do you need to enforce the necessary “complexity” of passwords for your users? How do you enforce and audit such policies? More importantly, how many different passwords for different applications do each employee need to remember?
Password fatigue is a real issue. Having to remember an excessive number of passwords will lead to other possible issues, such as employees sticking their “list of passwords” in plain sight, like their monitors, for instance, for convenience.
Meanwhile, the Malindo Air incident highlighted that a breach is possible even when security policies are seemingly in place. Why did former employees still have access to critical information? Why was access not revoked upon termination?
In many organisations, different employees use a number of different applications. During onboarding, different PICs in different departments may create accounts and passwords for them to access those applications. But when they leave the company, how do you ensure that their access to all the sensitive applications and data are also terminated?
Hence, in the new digital workspace era, protecting your valuable assets begins with a well-defined, comprehensive security policy. Furthermore, you need to establish the necessary procedures, with regular audits, to ensure compliance. More regulatory authorities are now increasing their compliance requirements, or at the very least, providing guidelines for information security management. Many SMEs may not be directly required to comply, but do remember that some of your customers, like banks or public companies, may require your compliance in order for you to continue doing business with them.
The majority, if not all, of large enterprises or MNCs have their security policies in place. The task, however, may be more challenging for SMEs that have access to fewer resources, tools, talent and the necessary consultancy services.
In terms of tools, VMware Workspace ONE may be the answer to what organisations need to ensure their employees have a secure digital workspace. The simple and secure digital workspace platform from VMware offers added visibility over the usage and access for IoT devices, which can help organisations significantly reduce security threats. In addition, IT administrators are able to deliver applications and manage them quickly, securely and cost-effectively.
VMware Workspace ONE is offered via a SaaS subscription model (for a minimum of 25 users) for less than US$4 per device per month (Standard Edition), to provide businesses with the basic device and application management tool that they need in today’s era of rising data security challenges and complexities. The advantage of using such a cloud-based solution is that it eliminates the need for large and costly IT infrastructure investments.
More advanced versions, such as the VMware Workspace ONE Enterprise Edition, can provide additional levels of security and features, such as email and content management, or even application delivery and virtual desktop infrastructure.
To find out more about how your organisation can have better control and visibility over your employees’ endpoints and mobile devices with VMware Workspace ONE, click here.
* This article sponsored by Net One Asia, an IT Managed Service Provider which offers end-to-end solutions, including basic IT Information Security Policies, implementation of VMware Workspace ONE, as per policies and managed services to operate the environment. This includes the onboarding of new employees, patching of devices, OS and applications, and the necessary offboarding IT procedures for departing employees.