Alan Bentley of Blancco
As the COVID-19 pandemic rages on, organisations are forced to make tough decisions about business continuity and how to maintain profitability in a time of economic uncertainty, says Alan Bentley, president global strategy of Blancco.
Globally, enterprises have moved “non-essential” employees to a “work from home” model. This created several organisational challenges, including effective management of a distributed workforce and the need to quickly equip teams with the collaboration tools and IT assets required to do their jobs with as little disruption as possible.
The truth is, we simply don’t know how long this period of turbulence is going to last. While some companies are bringing employees back to the office, one thing is patently clear: Business will not resume as usual. And perhaps that’s not such a bad thing. Many business owners now realise that working from home can be successful, and that their businesses are able to survive and even thrive with a distributed workforce. But it’s apparent that all organisations must plan for every scenario possible and be prepared to navigate the fallout of a potential second lockdown.
While much has indeed changed, the need to secure and safeguard sensitive customer and business data has not. In fact, the threat landscape has also evolved, and bad actors see numerous opportunities to target home office vulnerabilities and intercept valuable data on IT assets.
Adapting asset lifecycles
The initial scramble to get employees outfitted with necessary IT assets, such as laptops and mobiles, was a key part of many organisations’ transition to remote working. But it was not without its challenges. Numerous OEM’s factories, including those of Samsung and Apple, were forced to shut down in response to the COVID-19 outbreak, and this left organisations facing IT equipment shortages.
In response, some firms have opted to instead procure cheaper, refurbished systems, predicting that the effects of the pandemic on business operations would not last. This newfound reliance on the secondary market for IT equipment is positive in many ways.
It not only reduces the amount of equipment contributing to growing levels of ewaste, but also presents an opportunity for businesses involved in the reprocessing of secondhand devices for resale on the secondary market. However, organisations need to ensure they are securing those assets appropriately.
Primarily, those enterprises procuring new assets must be mindful of how that IT asset’s lifecycle has changed and maintain a clear chain of custody over both that asset and the data stored on it. If more businesses do eventually start returning to work, they need to evaluate and assess the value of the data stored on out-of-use devices to determine if it has become redundant, obsolete or trivial (ROT).
Businesses must also avoid letting those assets stockpile, to avoid incurring unnecessary costs for storing assets that could be reprocessed and resold. Worse still, should that asset become lost or stolen and unaccounted for, it could potentially result in a data breach and an eyewatering fine from data regulatory bodies.
Securing data should be a continuous objective
With a change in IT asset procurement policies, CSOs/CISOs should turn their attention to ensuring their data security policies and IT infrastructure tools are updated for this new normal. Among other things, they must re-evaluate what they are doing to ensure the security of corporate and customer data when employees are using either corporate devices or their personal ones when working remotely, as well as how to meet compliance regulations.
We’ve discussed the importance of an audit trail and tracking chain of custody, but enterprises will need the necessary processes in place to permanently and irreversibly remove the data that no longer holds value to the business.
Fortunately, many of the tools used for appropriate methods of data sanitisation are automated, with solutions that can be pushed out by administrators to help continuously protect employees in the background, without the need for a significant shift or change from normal routines. Remote erasure practices also enable the sanitisation of devices that reach end-of-life, these can then be transported to the device processor without the threat of sensitive data being intercepted.
Amid so much change, organisations are undoubtedly going to be challenged in new ways. But it’s vital that they don’t fall victim to wholly avoidable data breaches, through the mishandling and lack of safeguarding of sensitive data on company IT assets.
Yes, culturally, and operationally, the face of business has changed forever, but securing data should be a continuous objective. And one that continues to adapt to a shifting threat landscape. IT asset management is as crucial a part of that as something like encrypting data, and enterprises need to adopt the basic hygiene practices, audit trails and appropriate methods of data sanitisation to ensure the protection of sensitive corporate and customer data.
The author is Alan Bentley, president global strategy of Blancco.
Follow us and Comment on Twitter @TheEE_io