No more trusted endpoints


There are always plenty of things to keep the average security practitioner wringing their hands and losing sleep, but most of these factors are driven by external events. Bring-your-own-device (BYOD) and bring-your-own-network (BYON) are different, and pose something more terrifying to the information security practitioner: a radical shifting of the goal posts. The castle we are tasked to defend has up and moved itself somewhere new. After all the effort we've put into moving away from the “crunchy outer shell, squishy underbelly” model to one where security is a part of the information fabric itself, right as that transition finally starts happening, the very thing we're trying to protect changes once more.

Perhaps it's time to start making some tough decisions and run with them. The theater of risk has changed from network service-based attacks to attacks against the endpoint. And the needle has swung to the other extreme. We're obsessed with protecting the endpoint now. Yet as anyone who follows reports of major breaches in the last few years can see, somehow all it takes is for one endpoint to be compromised and the whole house of cards tumbles once again.

Let's start focusing on the actual information, not the systems. Assume your endpoints are compromised at all times: one desktop should not be able to assault the entire network from within, and no single access credential should hold all the keys to the kingdom. You can't stop attackers, but you can definitely make it as difficult as possible for them. If BYOD is to become the new normal, we'll need to continue to build security into business processes and operational IT, and that means tradeoffs in convenience versus security. Corporate IT engineers are going to have to take lessons from internet engineers, constructing internal networks as if they were exposed to the general public.
