Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Bridging corporate and personal

Over the past decade, technology innovations have vastly increased consumer's expectations and have migrated into corporate environments where there is increasing pressure to make corporate resources available to users on any device – whether a smartphone, tablet or laptop. This must be done without sacrificing security, which is what makes the role of a security professional exciting these days.

Access to social media – The rise of social media has led many to feel comfortable placing copious amounts of personal information out there for the world to see. The ramifications of this sharing of data are being felt in the corporate world. Employees expect social media to be available at work, and corporations that fail to adapt to a world with social media will have an increasingly difficult time attracting top talent.

Consider a bring-your-own-device (BYOD) policy – Employees use personal devices to access apps, social media, corporate email, and sometimes even to make telephone calls. Technologies such as virtual desktop and application virtualization can help, but there is plenty of room for innovation in this space.

Embrace platform agnosticism – Partially as a consequence of BYOD, the days of designing applications to be available on a single platform are over. Users need to access corporate resources using a myriad of devices, with more arriving every day. This notion of heterogeneity can also improve your security posture because investments in security solutions can be applied more effectively across platforms.

Improve authentication – It shouldn't be a surprise to any reader that password-based authentication is terribly broken. Whether passwords are reused, stored in clear text, or simply weak, it's obvious that neither end-users nor application providers are very good at using passwords. Fortunately, technologies like client-certificates, SAML, OpenID and OAuth have been available for some time, and can mitigate much of the risk inherent in password-based authentication.

Address file sharing – Email attachments are still typically limited to 10 or 20 megabytes. When larger files need to be transferred, some users will look to online services. Modern enterprise-grade file-sharing solutions can meet users' needs and enforce compliance with security policies.

We're living in a world where users are no longer content to wait for corporate solutions to catch up to what they use in their personal life. As security professionals, we are in a unique position to help implement technologies that improve security and the user experience at the same time.

»Nothing like friends
If done right, social media resources can bring your company closer to your customers and your employees closer to each other, without compromising security, says Scovetta.

»Personal intrusion
BYOD has exploded. Many CSOs are under pressure to implement policy that doesn't impact availability, yet protects company information, Scovetta says.

»People, get ready
Embracing open standards, such as HTML 5, can “future-proof” your environment and help you adapt quickly as new technologies enter the market, adds Scovetta.

»Replacing the antiquated
A number of new technologies can move today's enterprises a step or two in the right  direction toward the secure, password-less future for which we all are hoping.

Photo by Andrea Fischman

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.