What does the collaborative economy mean for information security?

1 2 Page 2
Page 2 of 2

Using sophisticated information systems, the Mesh also deploys physical assets more efficiently. Not always and not for everything, these networks or platforms that manage shared transactions has the growing capacity to soar past a company that sells something once to one owner. Everyone reaps the rewards of dramatically improved service and choice at a lower personal and planetary cost.

Collaborative economy and information security

So what does the collaborative economy have to do with information security and risk? A lot.

There are numerous security questions in the collaborative economy if everyone's sharing goods, space time and money.

Your workers can now take idle systems, be it in IT, facilities, servers, hotel rooms, office space, you name it and rent it out. CFO out on vacation for the week, office space sold.

However, now that many are sharing space, time, cars, goods and money, how will we provide a secure and safe environment?

Even with the security risks, it’s important to note that there are many benefits to the enterprise in the collaborative economy. Employees can share corporate cars, assets and more. This has opportunity as much as it has risk. The challenge is finding the balance.

Action items

Here are some things to do:

  1. Don’t hire people you don’t trust. If you can’t trust them, don’t hire them.
  2. Understand what the collaborative economy means to your firm. Determine how much of a risk it may pose.
  3. Update policies – make it explicit what employees can/can’t do with corporate assets. It’s best to use a carrot and stick approach. Let them know what’s OK, but don’t be overly heavy-handed such that it will alienate your best workers. Engage the team in the dialogue and make it a two-way conversation about ‘shared assets’.
  4. Get legal counsel involved – your firm may have legal liability if you don’t have specific policies. There can be significant liability if a corporate asset is shared, rented or borrowed, and then used and creates damage. In addition, in some municipalities, the actions may be illegal. The last thing you want is your employees engaging in criminal activities.
  5. Work locations – Jeremiah Owyang noted that many employees may now use or co-use working spots; sometimes with, but often without, corporate IT approval. This may have exposed Wi-Fi networks just as coffee shops do and hotel lobbies. If this is the case, ensure appropriate security controls are in place.
  6. Tighten the network – but realize that employees with smartphones don’t need the corporate network.
  7. If it moves, put a number and a sensor on it - be it a server, storage array, power supply, monitor, keyboard or anything that moves; ensure it’s tagged, and you have a policy prohibiting users from any non-business use. Let people know the item and their usage is being tracked. One of the mantras of the new economy is access trumps ownership. If they can access it, it doesn’t matter who owns it. The collaborative economy is about harnessing idle capacity. If you have idle items, they will be harnessed.
  8. Review insurance coverage – especially for firms that have vehicles. Let the drivers know that they have no pass, outside of approved use for the vehicles. And if they do violate the policy, they are not covered by the corporate vehicle insurance plan; they are on their own.

Conclusion

The collaborative economy is growing quickly and unless something unexpected happens, it won’t be stopping anytime soon.

As a security professional, keep that in mind.

Ben Rothke CISSP is a Senior eGRC Consultant with Nettitude, Inc. and the author of Computer Security: 20 Things Every Employee Should Know.

Related:
1 2 Page 2
Page 2 of 2
NEW! Download the Winter 2018 issue of Security Smart