
Online information provided for stakeholders' consumption

It must relay the true meaning and real application necessary in the physical world. We have probably all experienced learning about our plans first before we go ahead and act: for instance, when we order something online, attend to some responsibilities for our organizations, or communicate with people via video, chat and email, including but not limited to asking stakeholders, very politely and sincerely, if there's anything else we can do to help further. This online environment must make us work to facilitate and relay exactly what we expect and do in the physical world. What the online information tells us should be enough to readily make a decision and act accordingly. This is especially true when people have to do it themselves, read the relevant information and go there, say to a store or anywhere else, to perform the chores required. We cannot provide information online, when customers expect it to be a guideline or instruction to do something, that we know

How do we see security and privacy in the enterprise

Enterprise systems, infrastructure, data, services, distinct roles, operating functions and management controls have basic security and privacy capabilities built in. Whether or not it is a mandate, which is usually assured and backed by business conduct and applicable policies, security and privacy have to be utilized and configured correctly to suit the needs of the entire organization, not just a particular scope or business unit.

Security and privacy attack vectors and velocity have never been so dynamic, and logistical opportunity is not a burden at all nowadays.

There has to be an unwavering disposition toward security and privacy initiatives.

Regardless of industry setting, security and privacy must remain a foothold mechanism by the technology at large.

Security can be designed and deployed to prevent incidents and malicious intent toward technology and data.

Technology and data are complementary on purpose and they can be tightened, not restricted, not only by making sure their built-in controls are properly applied but by scaling such mechanisms with specific security that is fitting to the requirements of the entire system. Enterprises must be distinct and not generalize an effective application of security in an enterprise setting.

We can start with our own idea, knowing what must be done without necessarily being a practitioner, by considering a technology initiative for a small business. Here we can say they have computer systems, a network and business applications that are all obvious to their setup. In their context, security can be confirmed to be working through the built-in controls that were applied, including operating system updates and a firewall which permits only the services and the access to business applications and data that need to be enabled and opened to end-users on a different computer that is authorized within the network. We can imagine the setup from this description. It has no server and no dedicated storage device; it's just some computers connected to a hub or unmanaged network switch. They may have a network with workstation sharing enabled, which connects every computer and end-user to their business applications and data. There's not much to protect in this setting and there is no need to acquire an additional security solution. Their systems are protected by their workstations' firewall, anti-virus and the immediate or regular application of available software updates. Their data privacy is protected by their ability to apply least privilege and restrict computers' and end-users' access to human resource and financial data, regardless of whether registration for compliance purposes is mandatory or optional. Restriction and authorization are key here since they don't have specific technology to manage this. With a minimum of twenty computers up to 30 or a little more, this can be done with people's wits, using eyes and notifications or placards, by self-regulating and making themselves aware that anything that is not necessary in their network must not be allowed.

In an enterprise setting, the same idea as mentioned above can be applied. With servers, dedicated storage and managed-capable network devices, we should be able to protect systems further by enabling network-based authenticated access to resources and subjecting workstations to technical security controls. The question is whether they have public-facing services hosted on-premise, in which case the enterprise may need email, web and a few other dedicated security technologies. The same idea can be applied if they have more than the usual workstation-based or ad-hoc business and web applications being accessed publicly. With this setting there is much more that can be done on authorizing and automating the administration of enterprise technology and data, and even on connecting to the cloud if they have assets there already. The growing interest of businesses in moving to cloud-based applications for email, web and business applications, and the convenience this provides, have made this truly practical for security and privacy considerations. While these are not enabled by default, a subscriber-stakeholder should be able to enable them with or without specialized training, simply by reading a provided manual, or by contracting a quick setup to a third party that has no interest in selling products, only in its superb services with sincere warranty provisions. With on-premise and the cloud, resources are now straddled, and the enterprise system as a whole can be coalesced by connecting these two or more geographically separated networks in a private manner.

With the cloud as part of the enterprise system, security and privacy are easier to acquire, implement and manage, and best of all there is no more capex, major upgrade activities, migration issues, or compliance with regulatory regimes and international standards. Everything just gets improved without the subscriber having to do anything at all.

And there is cyberspace, whose resources and capacity require considerable protection of critical infrastructures statewide, if not universally, which may or may not completely alter the text above.

