A Post-Compliant World? Part 3

My previous piece (the second in this series) considered the current difficulties of ongoing InfoSec assurance efforts. Let’s now turn to how things could look in the near future.

A Sea Change in Public Services

The IT revolution has quickly – but quietly – undermined long-held ways of providing customer services. Over the past twenty years, a familiar model of offices providing counter-based services has been succeeded by a mix of online services and telephone enquiry filters (e.g. those – never popular – “press x for y” prompts). On the whole, this has led to quicker and more accessible services that are more efficient and much cheaper, i.e. less waiting (and travel) time for customers, and fewer business premises and employees for providers to pay for.

This shift to greater efficiency has only increased pressure to automate. But while increased personal technology has provided more opportunities for people to reach out to a greater range of services, the risks of data loss have risen. Customers have not yet adjusted to this new reality: expensive and remote as they were, counter-services enabled customers to entrust their information to individuals. But developments in networking and personal technology have hastened the erosion of the physical security provided by fixed premises.

Assurance methods predicated on restricting access and data management are continually undermined by changing technologies. Accepted ways of doing things are shifting constantly through demand for what new technology makes the ‘new normal’. What is normal outside of corporate shells is also increasingly the expectation inside of organizations. This continues to challenge InfoSec assurance models. Like one of those shape-shifting beings of fantasy, the InfoSec countermeasures are found wanting as the out-of-control science experiment morphs and changes. Take, for example, Bring Your Own Device (BYOD).

BYOD: ‘Balk Your Obligations/Duties’?

While BYOD certainly brought

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by John G. Laskey. Read the original post at: