Had a very interesting conversation this week about the evolving trust model for mobile security in the enterprise. I was talking to Terry R, who focuses on risk management and compliance, and he was telling me how his company's perimeter security strategy needs to fundamentally change.
As he put it: "Our challenge is that our infrastructure, applications, and databases are designed for a perimeterized world. Our systems rely on a strong perimeter. We need to tear that perimeter down."
The catalyst for the conversation was smartphones, which operate almost constantly outside the perimeter. Since the perimeter is no longer "reliable", security becomes a matter of trust. Which device do I trust with which data for which user under which circumstance? The same questions, certainly, as existed before smartphone adoption. But the answers are now much more difficult to pin down. The trust model for mobile is a rapidly moving target. New operating systems appear every year. New devices appear every week. New consumer apps appear every minute. And end-users constantly set and change the debate.
How does a security team keep up? The more rigid ones will likely fall behind. The nimble ones will adopt a flexible mindset that can trade effectively between security and privacy, usability and control. Protecting enterprise data without compromising end-user experience will be the goal. A dynamic but rational model of trust that can operationalize the model below will be one of the important tools.

(Thanks, Terry, for the ideas behind this post)