Information security in an Agile Environment

Your company’s data can be one of its most valuable assets. It is the lifeblood of any organisation, so it is imperative that it is kept as safe as possible. The increasing use of the Internet and the ability to access business data from anywhere from many types of device is changing the way we work, offering increased flexibility and efficiency. Unfortunately these benefits have also introduced new risks that need to be addressed.

Mobile working, while liberating, also introduces risk. For example, using a public Wi-Fi network in a restaurant or an airport lounge puts the user at risk of having their communications or even their device compromised by malicious parties. Mobile devices can also be lost or stolen along with the data stored on them and along with the access they might have to other remotely stored data. To mitigate these threats a combination of best practice in the way that IT equipment is utilised and user education is required.

Replacing traditional on-site servers and software with cloud services is also becoming an increasingly attractive proposition for the SME. This potentially cuts cost in IT support, hardware and software. The cloud data storage model does indeed outsource your data security to a third party, transferring many of the increasingly technical issues to the service provider, however the right questions need to be asked to ensure that your provider is as safe as it can be. For example, do your service provider’s data centres comply with industry security standards, or are they located abroad where data protection laws are less stringent. There will always be risks, but you need to be aware of their magnitude. 

Through the agile project we are able to advise on a range of security issues that your business may face in the real world. These include: 

Mobile security: Helping to keep your data safe on the move through encryption and mobile device management.

Network security: With more and more of your company’s services being available over the Internet it is imperative that you ensure that access to your data is as secure as possible. 

Security best practices: Application of often simple good practises in your use of IT, for example use of strong passwords, or limiting the privileges of your user accounts, will significantly improve your data security.

Social engineering: Not all threats against your company come from the Internet. Whilst many people would know not to click on a link in a spam email or open up a document would they fall to temptation and put the usb stick that’s marked ‘private and confidential’ into their computer to see what's on it or give their username and password to someone claiming to be from your service provider or IT department. User education is an important part of any security policy.

The Agile Office Project is part-funded by the European Regional Development Fund