Along with the benefits of networked systems – easy information sharing and the ability to work wherever and whenever – comes responsibility. Professionals in all industries have the responsibility to protect their customers’ (and their own) confidentiality. When professionals access their office networks and exchange information with other organisations, confidentiality is paramount, though not always easy to achieve.
The good news is that sharing information, central services and applications is becoming easier and less expensive for organisations to implement. On the other hand, not all run-of-the-mill networking solutions protect confidentiality as well as they should. In these early days of network communication, companies can become too focused on features and functionality and overlook key security functions. Although the capability to exchange information between agencies and organisations is critical, the security systems and standards involved vary considerably and may permit hackers, insiders and even criminal organisations to access your private data.
Security can be achieved more easily when employees access company networks from a secondary office or from company-issued computers. But that’s rarely the norm. Increasingly, workers use equipment that doesn’t belong to them, such as computers in Internet cafes, airport terminals and customer and business partners’ offices. Even when workers use office-issued computers, it’s vital that sensitive information is protected in the event that their PDAs, PocketPCs or laptops are lost or stolen. In this case, it’s critical that the authenticity of the user is validated before information is released, and that the confidentiality and integrity of data is assured in transit. In allowing users to access sensitive data, communication routes must not open up other vulnerabilities.
So, what are the primary considerations for choosing the most suitable and effective network solution for your business?
Independent verification is key. To achieve an independent assurance ranking, manufacturers must subject their products to evaluation by an external body. A third-party independent assurance group evaluates the performance and quality of a product. They determine if the security mechanisms and functions achieve confidentiality and fulfil compliance regulations. Examples of trustworthy independent assurance vendors include Communications Electronics Security Group (CESG) in the United Kingdom and the US National Institute of Standards and Technology (NIST) in the United States.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.