Juicy Assets, Ripe For Picking...
So here's an interesting spin on de-perimeterisation (removing the boundary between the internal network and the internet)... if people think we cannot achieve this, and cannot wait for secure operating systems, protocols and environments, but need to "secure" their environments today, I have a simple question, supported by a simple equation for illustration:
For the majority of mobile and internal users in a typical company, who use the same basic set of applications:
- Assume a company that fits within the 90% of those who still keep servers in-house and aren't completely outsourced, and that supports users who run a Microsoft OS and the usual suspect applications on fat clients and laptops.
- Take the following:
Data Breaches. Lost Laptops. Non-sanitized corporate hard drives on eBay. Malware. Non-compliant configurations. Patching woes. Device Failures. Remote Backup issues. Endpoint Security Software Sprawl. Skyrocketing security/compliance costs. Lost Customer Confidence. Fines. Lost Revenue. Reduced budget.
- Combine With:
Cheap Bandwidth. Lots of types of bandwidth/access modalities. Centralized Applications and Data. Any Web-enabled Computing Platform. SSL VPN. Virtualization. Centralized Encryption. Lots of choices to provide thin-client/streaming desktop capability. Offline-capable Web Apps.
- Shake Well, Re-allocate Funding, Streamline Operations and "Security"...
- And, Ta Da, You Get...:
Less Risk. Less Cost. Better Control Over Data. More "Secure" Operations. Better Resilience. Assurance of Information. Simplified Operations. Easier Backup. One Version of the Truth (data.)
Why? Can Someone Tell Me Why?
I really just don't get why we continue to deploy and support platforms we can't protect, allow our data to inhabit islands we can't control, and at the same time admit the inevitability of disaster while continuing to spend our money on solutions that can't possibly solve the problems.
Until operating systems are more secure, data can self-protect and networks can "self-defend," why do we continue to focus on fat-client PCs, which are a waste of time?
If we can isolate and reduce the number of ways of access to data and use dumb platforms to do it, why aren't we?
...I mean besides the fact that an entire industry has been leeching off this mess for decades...
I'll Gladly Pay You For A Solution Today...
The technology exists TODAY to centralize our most important assets and allow our workforce to accomplish their goals and business to function better without the need for data to actually "leave" the servers in whose security we have already invested so much money.
Many people are doing that with their servers already with the adoption of virtualization. Now they need to do it with their clients.
The only reason we're now going absolutely stupid and spending money on securing endpoints in their current state is because we're CAUSING, not just allowing, data to leave our enclaves. In fact, with all this BlaBla 2.0 hype, we've convinced ourselves that we must. Utter Hogwash.
Relax, Keep Your Firewalls On...
In the case of centralized computing and streamed desktops to dumb/thin clients, the security perimeter still includes our servers and security castles, but it also encapsulates a streamed, virtualized, encrypted and authenticated thin-client session bubble. There's no need to worry about the endpoint: it's nothing more than a flickering display with a keyboard and mouse.
Let your kid use Limewire. Let Uncle Bob surf www. Let wifey download spyware. If my data and applications don't live on the machine and all the clicks/mouseys are just screen updates, what do I care?
Yup, you can still use a screen scraper or a camera phone to use data inappropriately, but this is where balancing risk comes into play. Let's keep the discussion within the 80% of reasonable, factored arguments. We'll never eliminate 100%, and we don't have to in order to be successful.
Sure, there are exceptions and corner cases where data does need to leave our embrace, but we can eliminate an entire class of problem if we take advantage of what we have today and stop this endpoint madness.
This goes for internal corporate users who are chained to their desks and not just mobile users. Oh, and did I forget to mention the hugely reduced cost of ownership...
What's preventing you from doing this today?