Page 100 - Using MIS
P. 100

Security Guide







            SeCurinG CollaBoration





            The collaboration tools described in this  chapter   are usually looking for keywords in your email so they can
            do indeed facilitate collaboration: They help groups im-  target you with relevant ads. However, given the sensitive
            prove the quality of their work while reducing travel and   nature of the R&D division, this is a big concern.
            other logistical expenses and facilitating international   Next comes an equally important concern—data stor-
            work. They can enable people to participate in meetings   age. Losing even a small number of R&D files could be
            asynchronously. However, they also pose security risks—   extremely damaging. Internal researchers use a variety
            possibly serious ones.                               of cloud-based data storage services like Google Drive,
               What are the security risks you face when collaborating   Dropbox, and OneDrive to share documents with each
            with others? How important is it to keep your internal commu-  other.  Even though  the  connections  to these services  are
            nications confidential? Do you really know your data is secure?   secure, none of the documents are encrypted.
            It  turns  out  there  are  many  different  security  risks  involved   To make matters worse, they access these services us-
            when collaborating with others. Here is an example that il-  ing a variety of different devices such as desktop PCs, lap-
            lustrates just a few of the problems that modern workers face.  tops, tablets, and smartphones. What happens if they lose
               Imagine you are working for a pharmaceutical company   one of these devices? Or, worse, a disgruntled employee
            in its development division. The CEO is worried that the com-  could “share” a folder full of sensitive R&D documents with
            munication and data sharing among the researchers in the   an industry competitor. Preventing data loss is at the top of
            R&D division might be vulnerable to corporate espionage.   your list of possible security concerns.
            He tasks you with identifying all of
            the possible ways the R&D division
            could lose trade secrets. He wants
            recommendations on how to make
            the company more “secure” by the
            end  of  the day. Oh,  and  to make
            things worse, you’re working for an
            international firm with locations in
            10 different countries.
               You  start  with  the  most
              obvious—email. You know that
            you have a secured connection
            (https) to your email server when
            you send email. But none of your
            emails are encrypted. Your email
            could be read by the person man-
            aging the corporate email server
            (an insider) or by the person man-
            aging the destination email server
            outside your company. It turns
            out that the vast majority of email
            sent through large email providers
            is routinely read. These readers
                                                                                               Source: Tsung-Lin Wu/Fotolia
        68
   95   96   97   98   99   100   101   102   103   104   105