5 Tips for How to Work Safely beyond the Corporate Firewall

By: Kevin Parker on September 8th, 2016


Today’s workforce is increasingly distributed, increasingly mobile, and increasingly expecting telework options. This equates to more people working beyond the corporate walls and beyond the corporate IT firewall. But how can organizations offer such flexibility without losing control of their information? 

Perhaps a more pertinent question is: do you have control of your information now?

In a world of exponentially increasing information volume, velocity, and variety, organizations are swimming in information chaos. The first step to bringing order and control back to corporate information is to develop a unified information strategy and architecture. It’s all about managing every kind of information from every source and every process and every device.

Some people tell me we should focus on flexibility and forget about control. Others say we have to control information and forget about flexibility. I say you can and should have both. The only real way to maintain an acceptable level of control is also to offer your workforce flexibility. This is more important than ever in this age of working beyond corporate walls and firewalls.


You may have the best information management system and internal governance on the planet, but if you don’t accommodate distributed and mobile staff, you will lose control. People will find a way around your firewall if you don’t provide it for them. Basement email servers, unauthorized cloud drives, and personal smartphones, oh my!

To safely work beyond corporate firewalls, follow the “cloud first, Web first, mobile first” principles of solution design for flexibility and control:

Tip #1 - Develop a unified strategy, architecture, and governance.

Document and clarify your processes and information channels and types into a clear strategic map. Streamline what you can and eliminate systems that no longer fit your strategy. Design an architecture that is simple enough that decision-makers, IT staff, and vendors can understand how people, processes, technology, and information intersect and work. All information (including data, content, records, and knowledge) and all systems and devices should be under one umbrella of strategy and leadership.

Tip #2 - Design infrastructure for the cloud.

Applications in an external cloud environment are already outside your firewall, and this simplifies allowing distributed and mobile staff to connect. Most organizations are either moving everything to the cloud or planning to operate a hybrid internal/external cloud infrastructure for the foreseeable future. Whether using Software as a Service (SaaS) or Infrastructure as a Service (IaaS), systems maintained by reputable cloud providers are more secure, more reliable, and more scalable than anything you can build on-prem. Even your on-prem infrastructure should be designed as an internal cloud environment.

Tip #3 - Design applications for the Web.

Web applications can be accessed by any modern networked device. They can also be extensible and allow standardized data interfaces with other systems. Modern Web applications are easy to develop, manage, and improve compared to other kinds of applications. Not all apps have to be Web apps, but in many cases, they are preferred, at least for the user interface layer.

Tip #4 - Design user experience for mobile.

Application interfaces should be designed to work very well on mobile devices first. Start with a Web-based browser interface that works equally well on mobile and tablet devices. Then progressively enhance the user experience as necessary for desktop browsers. Another way to approach this is “responsive” design that determines layout and features based on device screen size and capabilities. Invest in usability and accessibility. If it makes sense later, consider native mobile apps—but don’t start with these, as they are expensive to develop and maintain and are much less flexible for progressive improvements. Vendor-supplied mobile apps can be part of your capture process and are usually preferred over developing your own.

Tip #5 - Provide a single entry point.

Having multiple systems is okay. Having multiple entry points is not. Some organizations are moving to a single platform for information management to simplify everything from the user experience to pricing to technology management. But even if your organization decides to operate multiple disparate systems for now, creating a single entry point for users provides the flexibility and simplicity they need. The intranet home page can easily be this portal to all corporate applications, especially if these are Web applications.

What about security and privacy? What about single sign-on, mobile device management, and data encryption? These initiatives fail when they are done individually. But they are attainable with a unified information strategy, architecture, and governance using cloud first, Web first, and mobile first design. Providing this kind of flexibility and experience greatly reduces the incentive for staff to find ways around your controls. This design approach also enables important functions like quality management, records management, knowledge management, business continuity, and information assurance.

People will take the “path of least resistance” in working with information. If you provide that path, you will have much greater control of the information from end to end.

 
