Endpoint security is not the challenge it used to be. With a mobile workforce utilizing countless mobile devices, endpoint security has become infinitely more complex. Even compared to just five years ago, if you’re not actively managing the security of data on your endpoints, you’ve no-doubt got a situation that’s completely out of control.
The thing is we’re living and working in a data-driven society. Within this society is a user base that believes data should be free rather than confined. Add in the gotta have it now mindset combined with the inability of many users to think about the consequences of their choices and we’ve got a serious information risk management problem on our hands.
Take, for instance, users who insist on accessing the business network and data from their personal mobile devices. This reality exists in many, if not all, businesses in some fashion. But the risk doesn’t stop there. These same users go on to backup their mobile devices to external hard drives, thumb drives and, arguably worst of all, the cloud. Oh, and users just love how they can share their data across their multiple devices and even push data out to their friends with the touch of a button.
So, you started with hundreds, thousands or tens of thousands of individual data islands (laptops, netbooks and smartphones) outside the realm of your protection. Now you’re faced with users driving the ship by deciding where their data – and business data – should be backed up. This is exactly how computers and networks were intended to be used and I love that aspect of it. But it’s really scary stuff when it comes to minimizing business-related risks. The fact is your business data is now stored across untold storage devices and cloud services that may nor may be secure. Odds are you’ll never know.
Even when cloud providers tout how secure their data center is because they “passed” their SAS 70 Type II audit; you cannot rely on that. There are so many more variables to the data protection equation involving Web applications, data storage, malware protection and so on.
You now have untold iterations of complexity, untold data-related risks and yet your users are still calling the shots.
I’m not so sure we’ll ever completely get our arms around the endpoint data protection challenges we currently face. One thing is certain – you can take some steps to set your users and your business up for success to help prevent breaches from occurring or at least minimize the impact when they do.
As impossible as it may seem, you need to get to know your data – where it’s located and how it’s currently at risk. Then go on to put reasonable controls in place to help keep things in check. But don’t stop there. Continually assess where things stand. Given the number of variables and the complexities associated with endpoint data protection new issues are guaranteed to crop up. Starting today, it’s time to get back on the right track. Think long-term, adapt and evolve your endpoint security before this situation becomes more complicated.
Guest Blogger Kevin Beaver, CISSP
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com and you can follow in on Twitter at @kevinbeaver.