"When you're faced with phenomena like BYOD ('bring your own device') and social networking, I'm advocating that you define a policy for those, as opposed to letting your users define that policy for you. And then obviously seek out technology that can help you enforce that policy.
"There's clearly a real change, that's happened quite quickly, in the way people work. The boundaries have broken down. Security used to be able to build a shell of protection around a network, but the whole concept of corporate network has become fuzzy."
Obviously with BYOD, staff are no longer simply using a company laptop or desktop, so the once straightforward task of installing protection has become more complicated. One piece of software is incapable of protecting a wide range of devices, including BlackBerrys and iPads, across wireless networks globally. But Ewart champions the protection of the individual user, as opposed to just the network and device software. It's a shift in the whole concept of what - or who - needs protecting.
Web security policy is about education, as well as rules
However, offering a bespoke approach for individual employees may seem like overkill: "To make that work," explains Ewart, "you need a policy that understands not only the user but where they work, where they are, what device they happen to be using, what department they're in and how much clearance they should have.
"The employee also has to understand the nature of the web, distinguishing between sites including social networking - and particular activities within a social network. Spanning across all of that you fundamentally don't want the user to get affected by malware."
There are about 500 malware delivery networks worldwide and prosecution is a relative rarity. So, with the threat of malware delivery and data mining consistently looming, prevention is preferable to requiring a cure. Educating staff is a significant stride toward that prevention.



Steven Bond, Reporter



