Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.
Rafal (Principal, Strategic Security Services)
Security people may believe and even tell you that 'ease-of-use' is not their problem, but they're laughably wrong. A recent comment by an industry colleague stirred up some thoughts in my head, so I put some of it to keyboard...
The mobility 'revolution' in the enterprise has been a wake-up call (or a call for panic) for many enterprise IT and enterprise security managers and professionals. My pal Brian Katz who is a mobility manager for a large enterprise poses some fantastic questions in a blog post from his point of view, so I had to give my 'security' position as well ... the problem is, I don't think we have a solution anyone's comfortable with!
BYOD (Bring Your Own Device) isn't going away. User training is important ... or maybe it's not...
Anyway - I think all of these debates and discussions come right down to this point on end-user responsibility and liability.
This isn't an easy topic to tackle because many, many have tried... but there has to be a better way.
This post wraps up the series on Bring Your Own Device (BYOD)... and attempts to summarize the vast amounts of discussion, conversation and posts on the topic over the last few weeks. In the end, what's it really all come down to?
Welcome into part 3 of 4 in the BYOD series ... today we address the security PoV (point of view). It's been an engaging discussion so far, and I welcome your continued thoughts & points... this is a massive challenge for security and some still believe it's a "fad" that will soon go away. Unfortunately I don't think so... so we have to learn to cope, and not just survive but thrive in a BYOD culture.
The challenges of Bring Your Own Device (BYOD) are interesting. In part 2 of this 4-part series I dive into productivity - which can be elusive to the point of mythical... so can you increase productivity while maintaining the security and integrity of your corporate network and assets if you go BYOD? Let's talk about it...
Data - the final frontier. This is a 4-part series on the identification, utilization, and protection of data in a "Bring your own device" enterprise. Exploring the challenges of finding, classifying, maximizing productivity, and defending data in this type of challenging environment will be the key topics of the posts in this series... join me.
Earlier this morning I asked my Twitter followers to quickly check the temperature down in Hades ...because there simply had to be icicles hanging from the rafters after I saw this first tweet in response to my BYOD post. Historically, the security community has had a negative reaction on the whole BYOD (bring your own device) concept ... but when we all start thinking alike and agreeing - maybe we're onto something here?
Are you starting to hear more and more about BYOD (bring your own device)?
Are you concerned that the security of mobile applications and devices poses additional (and mis-understood) risks to your organization that you're not prepared for? The inaugural SANS Mobile Device Security Summit '12 is here to help you make sense of it, and your pal, the Wh1t3 Rabbit just happens to be delivering the keynote. Read this post for a DISCOUNT CODE you can't afford to pass up!