“How can you deal with the conflict between security and productivity?” asked Storey.
“Start with the employees, your internal customers,” said Subramaniam. “In Juniper’s Swiss office, we gave our executives $X per year to buy any personal devices they wanted: Mac, Windows, Symbian etc. Now, I don’t have to buy them laptops, which saves money, and the employees are happier.”
This seems doubly advantageous. “So you don’t have to manage the devices,” pointed out Clement Lo, director, information and communications technology, Bank Consortium Trust Co “and if they don’t comply with network security, they are locked out.”
Cloud Data Location
The cloud seems like a solution, but moving data across borders can be illegal.
“Are you allowed to store your Hong Kong CVs in Singapore?” asked Jasper. “In Europe and especially Germany, they are very demanding on security. We have to decentralise, because you can’t store personal data outside of Europe.”
“Governments like the data to sit in their national jurisdictions so they can subpoena it if necessary,” agreed Subramaniam. “Cloud providers like Amazon may not always know where the data resides.”
Continued Subramaniam: “I’m sure of one thing; if security and productivity are in conflict, the employees will act in such a manner that the productivity will win and the security will lose. So let them have the devices they want and ensure the minimum security necessary – that’s the starting point for enterprise policy.”
Sign up for CIO Asia eNewsletters.