Information Technology is a field in a state of constant evolution, particularly where security is concerned. As the discussion here notes, there is a need to balance security technology which remains ahead of the hacker's curve but which does not handcuff end users in the company. The discussion addresses the need for balance between Best Practice, Best Fit and innovation.
¶ … Insecurity
Managing Issues of Information Insecurity
The field of Information Technology is unique among professional disciplines due to its high-paced atmosphere. The quick change of technology, particularly within the context of systems design and electronic information data-basing means that management in this field must be prepared to acclimate to security demands, practice obstacles and end-user needs all while implementing a system that conforms to the particular needs of the firm in question. Technological advance is creating a highly integrated standard for operational usage, particularly in achieving a balance between security imperatives and freedom of usage. Indeed, this concern is at the center of the discussion here, which considers how best to pursue a business IT strategy in the face of so many options.
As the discussion here will note, there is a general emphasis on employing certain 'best practice' strategies in implementing Information Technology security strategies. The background to our case discussion denotes that this approach is often a consequence of a rather problematic attitude. Namely, the use of 'best practice' IT security strategies will not always occur because of the company's confidence in the selected approach but will often be employed because deferment to industry standard practices can help to diminish culpability for system failures or vulnerabilities. This underscores the decision made here to pursue a security strategy that combines the most appropriate elements of Best Practice with elements of Best Fit emergent from a more intimate understanding of the security and end-user needs specific to the firm in question. Here, the article by Microsoft TechNet (2011) offers a useful first step, and one that combines the two approaches. Here, the article reports, "in order to effectively secure your network environment, you must first become familiar with all of its components. Assessing your infrastructure involves not only identifying all assets and security issues, but also monitoring the quality of your overall security program. To determine your specific network security needs, you should consider several issues. First, you need to be sure that your IT staff has the necessary executive support to run a successful security program. If you find yourself on the same page with management on how to proceed, you should focus on establishing a process to identify and analyze security risks on an ongoing basis. Without such a plan in place, you run the risk of initiating projects that are not solving your largest security problems." (Microsoft TechNet, p. 1)
And certainly, few small or medium businesses (SMBs) can afford to implement a major IT overhaul only to witness failure. This is why there is a distinct need to conduct the step above, recommended as a phase in the Best Practice strategy but also implying that said strategy is not mutually exclusive from steps reflecting a Best Fit approach. Here, scanning the network environment and the environment attendant to the organization's culture can help key decision-makers to identify areas of potential difficulty, to emphasize internal strengths which might dictate a particular strategic direction of the implementation and to ensure that personnel within the firm are aligned with the skills needed and the goals expected from the new system. In order to avoid the resistance of end-users though, it is important to design a new IT system that plays to their experiences and expectations within the field while still making efforts to advance the company's technologies orientation.
Accordingly, we consider the prospect of Cloud technology, which allows for remote user access of secure communication, application and file-sharing 'clouds,' thus promoting mobile work access while employing the latest in secured business technologies. Also essential, given the always evolving IT sector, is the adaptability of this approach. According to Phifer (2011), "for many SMBs, renting a secure cloud app is easier than installing that application in-house," said Siamak Farah, CEO of cloud provider InfoStreet. 'Cloud solution providers can deliver endpoint-agnostic secure access to most of the applications that SMBs need from email, CRM, and calendars to ERF, file-sharing, and teleconferencing. While this might not meet all enterprise [remote access] needs, for SMBs it can be a significant improvement because applications can be added quickly with the server side secured by the provider.'" (Phifer, p. 1)
This denotes that security is essentially outsourced using the Cloud, meaning that the charge of maintaining the confidentiality and privacy of our business interactions will rest with a trusted third party. In addition to freeing our company from the labor responsibilities of maintaining such a system, any internal training which is required can be conducted by the consultants dispatched to us. In either regard, moving to this cloud-based strategy is particularly appropriate given the emphasis in our company on telecommuting through the use of smartphone and tablet devices. The use of the 'cloud' strategy will call for the distribution of streamlined technology such as a tablet device to all participating personnel. This will have the effect of providing users with reliable security and, simultaneously, a mode of conducting business which promotes greater rather than lesser remote-site interaction.
You’re 86% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.