Is it time to stop duelling with employees and their devices?
Having to carry around two mobile devices - one for personal use and the other for corporate business - is an anachronism, says Sebastian Goodwin.
Sebastian Goodwin, Cybersecurity Strategist, Palo Alto Networks
I like to think of a time when I no longer sit down with customers and friends who set down both a personal and corporate mobile device at the table or bar, like some sort of declaration of their Jekyll and Hyde selves. But the more peers I speak with the more I realise it's still a while away.
Cyber-security is an industry that inherently respects computing power, but we're diluting device functionality by making two gadgets do half their job to make a whole.
Employees know this. They've bought a device designed, produced and marketed as a companion that allows effortless switching between typing a work email and seeing photos from a son or daughter's first overseas trip; then given another that adds to the strain on pockets and handbags – the average screen size is predicted to grow to more than five inches this year. For some it also could add to stress as they don't learn to self-compartmentalise their personal and professional life.
What's more, BYOD and employee demand on device capability has sped up the consumerisation of business devices and added pressure on cyber-security professionals, corporate budgets – and to a degree, even the energy grid as charging cables form dormant snake nests at bedsides and desks across the world.
Many will answer with the logic that siloing information is an effective security measure. It looks at company data from the standpoint that it is on assets that have enterprise level controls. But it's not practical and we're then ignoring industry and market forces which demand the exact opposite. More overtly in some cases, we're ignoring our own employees.
Surely we've all felt the frustration of time and resource spent unboxing, configuring, teaching and troubleshooting new devices, with the salt in the wound being that there's already a perfectly good handset in most people's pocket. Also, can't that hardware budget be better spent elsewhere, or focused on those who don't have an up-to-date personal phone and need it?
With numerous other challenges to rise to during the working day, so it makes sense to stop fighting the consumer-driven IT agenda by consolidating efforts:
- Acknowledge the fact personal and professional applications will increasingly sit alongside each other within the same device. Even where dual devices are being used, I've heard of instances where savvy teens help their frustrated mum or dad get around security measures which remove password protection or allow a ‘forbidden' app to run on a corporate device
- Rather than enforce separate devices, get security software that protects corporate data on any device. Access to corporate data is ubiquitous, and if you're not on a company asset you can still access your work email from other devices
- Prioritise prevention. A solution that provides an enterprise-wide view of your network, which identifies all endpoints – and therefore vulnerabilities – is proving to be the best approach to security. Choose one that allows you to detect and prevent known and unknown threats at every point in the attack lifecycle across the organisation as not all systems have prevention at the core of their design.
Let's stop the need for device duplication, for fear of someone rolling up their sleeve to reveal two smart watches one day soon.
Contributed by Sebastian Goodwin, Cybersecurity Strategist, Palo Alto Networks.