This era of connectivity began with being able to remotely access business networks through laptops, and now employees can readily connect to business applications with cell phones. Those extra access points represent risk that has to be managed by the company's IT group, according to Protiviti's Michael Porier.
"They can implement the appropriate controls and enable devices that they approve to be on the network. If they do it that way, then they can control some of the access controls with respect to how viruses may need to be protected and access controls for passwords, and making sure that if you lose your phone they can remotely wipe it so that any sensitive information can't be accessed later. Most companies will make sure that those security controls are mandatory before they allow access of that cell phone into their network."
And technology changes constantly, forcing companies to periodically review and update their policies.
"There definitely has to be a concentration to make sure those controls are in place and that reviews are performed on an annual basis to see if those controls are working. It's something that a lot of companies are really struggling with, to figure out on a go-forward basis, are they going to implement cloud-type technologies? The cloud technologies are a way to transfer some of the applications and services that typically reside on site off to an external provider. In a lot of cases that will save a company a lot of money, but it also introduces some additional risk with how they manage that information outside of the domain that they typically have control over."
Protiviti provides independent internal audit and business and technology risk consulting services.