Tag: mobile applications

Posted on

Mobility and the Cloud – Managing “Bring Your Own Device” and Securing Company Resources

There are lots of reasons why businesses are adopting cloud and Internet technologies in great number, and supporting mobile workers is one of the big ones.  In order for traveling sales people or workers in remote offices to have access to business applications and data, many organizations are turning to hosted and cloud solutions to centralize systems and make enterprise-wide access easier to deliver and manage.

What many businesses are just now realizing, however, is that allowing individuals to use their own mobile devices to access corporate data is exposing the enterprise to new (and often unknown) risk with each and every device and app that gets used.

Most businesses recognize the need to secure corporate systems while allowing users to remotely access resources from home or mobile computers.

Many CIOs and IT managers are failing to address the vulnerabilities introduced through the proliferation of tablets and smartphones in the business. Some enterprises initially embraced the concept of “bring your own device” [BYOD], as it tended to encourage users to work from home or while on the road, increasing employee productivity and keeping workers more “attached” to their jobs – all without the business having to pay for the device.

With growing numbers of reported “rogue apps” and apps that secretly collect and pass data, the potential benefits of allowing workers to use their own devices is rapidly being overshadowed by the risks involved.

Earlier this year, Apple, Facebook, Yelp and several other firms were sued for privacy-infringing apps that, among other things, pillaged users’ address books. …but what if the app uploads a sales representatives’ contact list and the developer then sells it to a competitor? That’s a new type of data leakage that most organizations aren’t ready for.

http://www.cio.com/article/716368/Free_Mobile_Apps_Put_Your_BYOD_Strategies_at_Risk  

Phones, in particular, have not traditionally been viewed by most business owners as a primary platform for information theft or damage – other than when an employee uses one to tell someone something they shouldn’t.  But in terms of intrusion, data theft, application hacking and things like that… not so much.

But that was before phones got really smart.

Phones that most folks carry around now are actually computers with a great deal of processing and storage capacity, and as such are just as capable of running bad programs and being vulnerable to attack as their more obvious portable computer counterparts.  Perhaps they are even more vulnerable because of the “connected” nature of the device, because by its very nature it is geared towards communication of information, not just processing it.

It’s not that hackers and developers of exploits (or just bad code) are necessarily focusing on stealing your business data (well, OK, a lot of them are).  Maybe someone just got lucky one day, when they first realized that the employee phone was the “camel’s nose under the tent” which would get them inside, far enough to deliver access to confidential corporate information and data someone would pay for.  People tend to be the weakest element in the security chain, and exploiting vulnerabilities under the guise of “making things easier” for the user has been a highly successful approach (would you like to sign in with your Facebook account?).

..because attacks that target employees may well end up targeting the employer as well, even if the employer wasn’t the original target.

Whether it is intentional or not, the risk is very present, and every business and enterprise has a responsibility to recognize the vulnerabilities introduced with mobile device use and to do what it can to mitigate that risk.  It is also important to recognize that the risk is not a purely personal one, either.

Since the information held by most businesses also includes the information of others – customers, vendors, partners, etc. – it is essential that the business not expose itself to unnecessary problems (litigation, fines or penalties, or simply lost opportunity) caused by accidental leakage of confidential information belonging to 3rd parties.

For some businesses, the best answer may be to only allow use of devices the business provides, along with clearly written use policies and guidelines.  This approach allows the organization to determine which applications may be installed and to dictate how the device is to be used for business needs.

There are even solutions available which can assist businesses in managing the expenses related to mobile devices in the enterprise, addressing not only security and privacy concerns but also helping to optimize expenditures on mobile devices by monitoring contracts and usage, identifying underused agreements or overage charges, or even identifying contracts still in force which should have been cancelled.

For many businesses, however, allowing users to continue accessing business resources with their personal devices may be desirable for a variety of reasons, cost being only one of them.  If this is the case (as it is most often in small and growing businesses), it is important to make certain that users understand what is and is not appropriate device use, and to inform users on the policies relating to apps which may or may not be allowed and why.

Make sense?

J

Posted on

Disruptive Trends = Emerging Opportunity: Adapting to a changing technology and business environment

Every new day brings some new advancement in business technology, and much of this advancement relates to cloud computing, mobility, and new social computing models.  Information technology and solutions applied to business use have rapidly evolved away from paper-based or fixed-location tools, and are now oriented towards enabling mobility and anytime, anywhere access to business applications and digital data.

Trends driving change in business technology today may be reflected in two main areas: enabling solutions which are revealing benefit not previously recognized, and disruptive approaches which represent trans-formative changes to how businesses operate.   Disruption and transformation often generate new business opportunity, yet many professionals in accounting/finance and information technology fail to see the new potential available and resist anything which represents significant change.  These professionals equate change with risk, and are reluctant to entertain either.

An example of a class of solutions which enable the organization to “know more”, providing decision support through deep analysis and reporting of key business data, is the new generation of data visualization tools now available in forms and formats easily accessible by any business professional.  Previously, business owners had to rely on system analysts and accounting professionals to compile and report on various aspects of business activity.  Using spreadsheets and database driven chart-building systems, manipulation of large volumes of data was unwieldy and limited by available computer resources.  Moving beyond previously recognized boundaries in data collection and aggregation, tools now available assist users in combining data from disparate sources, and offer a rich suite of analytics coupled with the simplicity of drag-and-drop selection and exploration.

The opportunity introduced with this new capability does not rest solely in the analysis of the data.  Rather, it is in the control and the structure which must be developed to ensure that all relevant data being collected, and in the structure and control placed on those data collection and integration processes which will ensure that the information is properly associated or correlated, and accurately integrated into the model.   Completeness and accuracy of data is of critical importance, as is an in-depth understanding of the nuances of structured and unstructured data relationships.

In addition to the enabling solutions emerging on the market which are driving deep changes in how businesses see themselves are the advancements in technology which cause fundamental shifts in how business use technology to support operations.  The most evident advancement, often viewed as an approach which is disruptive to more traditional models, is the emergence of “cloud” computing models.  Cloud computing, connected services, and fully-managed outsourced IT solutions address a number of issues which have burdened enterprise IT deployments since IT departments were invented.

The difficulty for IT managers is that they are often overworked and underfunded, as information technology is not often viewed as a strategic differentiator but merely as a necessary cost of supporting operations.  Users view IT as being unresponsive and ineffective, and have little understanding of the balancing act required to meet user demands and at the same time deliver standardized enterprise computing services in a secure manner.

Mobility and the cloud has changed the landscape of business IT, and the concept of “there’s an app for that” is now fully ingrained in the user mentality.  Cloud solutions, sometimes introduced to the business by non-IT personnel and often viewed as “rogue IT” projects, have won adoption by business users due in large part to the simplicity of implementation, and often because they can deploy the solution quickly, outside of the boundaries established by internal IT management.  Information management within the organization must necessarily extend now to mobile computing devices, where an entirely new set of issues is revealed in terms of personal device management and distribution of corporate data and intelligence.  Professionals assisting the business with information management, access, collection and integration processes must now give greater consideration to incorporation of mobile device and application management, as well as the risks introduced with the broad use of personal computing devices within the organization.

The cloud represents a convergence of social and mobile computing, and introduces an entirely new class of business metrics to measure due to the significant increase in available data captured at various levels and through various types of virtual interactions.  With users being able to engage wherever and whenever they choose (“there’s an app for that”, again), businesses must shift IT focus to strategic enablement, creating standards for outsourced deployments, and infusing each effort with the security and control required, which is a mainstay of IT operations.

Big data, visualization and analysis, and mobile and social computing are changing how we do business.  As the trusted advisor to the business, the accounting professional should embrace these changes and the opportunities they present to deliver more value and service in each client engagement.  Accountants can help their clients understand how to do more with less – leveraging technology to improve operational efficiencies, and to structure, capture, integrate and analyze the relevant data which will reveal the risks and potentials of the operation under a variety of circumstances.

Disruption creates your opportunity to bring order to the chaos, helping clients compete and flourish in a difficult economy, and providing the proactive guidance and analytical support necessary to build and sustain profitability.

Make Sense?

J

  • Read more about how accountants need business intelligence, too
  • Read more about how there’s no fear and loathing in accounting
  • Read more about the pressure on accountants to deliver more value and intelligence to their clients
  • Read more about Data Warriors: accounting in the cloud