No more trusted endpoints


There are always plenty of things to keep the average security practitioner wringing their hands and losing sleep, but most of these factors are driven by external events. Bring-your-own-device (BYOD) and bring-your-own-network (BYON) are different, and pose something more terrifying to the information security practitioner: a radical shifting of the goal posts. The castle we are tasked to defend has up and moved itself somewhere new. After all the effort we've put into moving away from the “crunchy outer shell, squishy underbelly” model to one where security is part of the information fabric itself, right as that transition finally starts happening, the very thing we're trying to protect changes once more.

Perhaps it's time to start making some tough decisions and run with them. The theater of risk has changed from network service-based attacks to attacks against the endpoint. And the needle has swung to the other extreme. We're obsessed with protecting the endpoint now. Yet as anyone who follows reports of major breaches in the last few years can see, somehow all it takes is for one endpoint to be compromised and the whole house of cards tumbles once again.

Let's start focusing on the actual information, not the systems. Assume your endpoints are compromised at all times – one desktop should not be able to assault the entire network from within, no single access credential should hold all the keys to the kingdom. You can't stop attackers, but you can definitely make it as difficult as possible for them. If BYOD is to become the new normal, we'll need to continue to build security into business processes and operational IT, and that means tradeoffs in convenience versus security. Corporate IT engineers are going to have to take lessons from internet engineers, constructing internal networks as if they were exposed to the general public. 
