Symantec's CIO: We're Going To Predict If Your Employees Are Security Risks

Includes: SYMC
by: Mark Fidelman

Employee All Stars or Security Risks

According to a recent uSamp survey, 41% of employees admit to using unsanctioned services like Dropbox, Box and Google Docs on mobile devices to share files. 38% admitted that some of their files were sent to an unauthorized person, and worse, as a result, 27% reported a data breach and adverse consequence.

Despite the recent amount of attention security breaches have received, it is striking how much confidential data and documents are still being transmitted outside of organizational control. The situation provides some instructive contrasts, starting with IT's unwillingness to provide employees what they need, and IT's need to secure the companies' intellectual property and trade secrets.

The contrast between the agile workforce and the secure organization. Employees that are collaborating with other employees and the organization that silos data and communication. The gap is widening, and organizations are not faring well. The absence of a flexible yet secure security model that addresses the needs of the organization and its employees is missing, so who better to ask than Symantec's (SYMC) CIO about how to resolve these contrasts in the age of mobile devices.

"With any new disruptive communication technology in the workplace, it can be challenging to secure. So an executive's tendency is to lock it all down and squeeze tighter," Marty Hodgett, Symantec's CIO, told me. "That is the current IT mindset, but it doesn't always have to be that way."

Symantec is looking to bridge the gap between employee productivity and organizational security by providing tools that help companies look at their data and make predictions about security risks. Imagine a situation where based on particular patterns of digital behavior, an organization is alerted to an employee that appears to be downloading then transferring documents to an unauthorized individual.

While Hodgett believes that Symantec's security tools are still primarily reactive, their product teams are in the process of building proactive, analytical behavior solutions that stop issues before they happen. "If you had a system that automatically looked at the data being produced from employee activities and identified patterns of behavior that are known to be high risk, you can spend more time enabling employee productivity and less time reacting to security breaches," Hodgett explained to me.

Even today, Symantec can help companies detect whether an employee is about to leave the organization. Hodgett explains: "We know that in most organizations that if an employee suddenly starts downloading a lot more than he's ever downloaded before - chances are that he is taking information and documents that he thinks he owns - and quits a few days later."

Sounds like Minority Report to me.

And the tools couldn't be coming at a better time. Yaacov Cohen,'s CEO and commissioner of the uSamp study (and current client of mine) explains, "It's clear from the trend in BYOD that employees are not just bringing their own devices to work - they are bringing their own applications and cloud services too." To account for this, Cohen believes that next generation security solutions from Symantec and mobile security solutions from his own company need to be deployed to adapt the new workplace.

Wall Street Journal and Zdnet contributor Michael Krigsman agrees, telling me, "Workers need speed and flexibility to do their jobs, collaborate, and make decisions. It is no longer acceptable for people in the enterprise to be bound to desks and offices -- work takes place with customers out in the field. To get things done, workers will break IT rules they view as archaic or interfering with their jobs."

Clearly As the uSamp/ data demonstrates, IT is dealing with a dangerous situation. Security triage isn't working and IT is stuck in an untenable cycle where they're trying to plug security holes while draining employee productivity. While no security system at scale is by no means assured, and employee privacy issues need to be addressed, companies like Symantec and are providing proactive solutions for life in the new workplace.

Anyone who thinks the new workplace doesn't require new security solutions isn't paying attention.

Disclosure: I have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it. I have no business relationship with any company whose stock is mentioned in this article.