Security and the mythical ‘business user’

Last updated: 21 March 2014

We often talk about ‘business applications’ or ‘business software’ as if they belonged to a separate universe of applications. This makes sense – some applications (like HR software) only make sense in a business context.

But there’s a lot of overlap in the people using the software. In fact, the people using your business applications are also the ordinary consumers who shop on Amazon, chat on social networks, and otherwise drive growth of popular consumer apps.

Newsflash: Every user of ‘business software’ is also a consumer.

Work/personal distinctions are fading
We’re all using more cloud apps for work and our personal lives. Sometimes we’re in ‘business’ mode, and sometimes we’re not. And it’s getting harder and harder to draw those lines.

Business-focused apps are borrowing from consumer sites like Amazon, Twitter and Facebook. Think Salesforce Chatter. Sometimes the software actually is the same. You might use the same apps to book personal and business travel, for example, even though you use different accounts.

Ever shop from your desktop at the office? Check email from your personal tablet? Do a little of everything on your phone? It’s a rare person who can maintain an absolute division of work and personal online behavior. Our online personas are a mix of personal and professional. Sites like LinkedIn, Facebook, Twitter and Google Plus all present different views into our lives to the world.

Given these growing areas of overlap, it’s hard to believe that people behave differently with their business apps than they do for their personal apps. This should worry you – because consumers are notoriously lax about their personal passwords and accounts.

Protecting your business’ cloud applications
Starting from the assumption that your employees also have rich personal online lives, how do you protect your business applications from careless consumer-based habits?  You have a few choices:

  1. Create strong cloud security policies. Train employees about good security practices to make them more secure for both personal and work. That’s an admirable task, but it’s going to take you a while. In fact, you’ll never really be done.

  2. Try to convince yourself that your employees and contractors are the exception. (This is the ‘head-in-the-sand’ approach to cloud application security.)

  3. Use a cloud SSO solution like CloudEntr that puts all of the business applications in one secure place, with password policies, strong authentication and access management all built in.

Of course, at Gemalto we think option #3 is the best choice. The SSO portal creates a clear division between personal and professional, and consolidates all of the ‘business’ accounts in one location. This makes it easier for you to set policies and control access to those apps. Employees are generally happy to have their online work lives clearly defined and readily available – no matter which device they use.

Leave a Reply

Your email address will not be published. Required fields are marked *