Is cybersecurity more 1988 than 2018 in your office?
It’s 1981, and you are the proud bearer of the newly-coined moniker “road warrior” – in the business sense, that is.
You’re boarding a cross-country flight, and as your hand luggage, you’re carrying an Osborne 1 portable computer so that on touchdown on the coast, you can use the new db II software to go through your company’s inventory.
This truly is the modern age – and all available for any like-minded road-warriors at US$1,795 (US$4,600 in today’s money).
Twenty years later, things have changed somewhat. Your bulky “luggable” (as opposed to “portable”) computer is no more, gone the same way as its creators, Osborne, who filed for bankruptcy just two years after you boarded the flight. Now all your data is in the organization’s data center, and you can access it easily enough from your Apple iBook – the stylish matt black variant, not the childish white standard model, of course.
Now imagine a classic whip pan shot (the blurring representing the passage of time) to the present day, and you’re carrying in your pocket the sort of computing power which would have made the original NASA moon-shot engineers swoon with the possibilities.
Your company’s data has moved again, too, from the data center out into the cloud.
Because it’s your phone (or “portable computing device which happens to make calls”) your personal life now shares silicon space with work.
In fact, you have immediate access to the company’s patent application data, stored on Dropbox for Business, as well as a little app called Xero, which controls the entirety of the company’s finances.
But alongside Dropbox for Business, you also use Dropbox personal edition, and you’ve set up the same password for both.
Sometimes, usually late at night after a spot of “refreshment”, you save business documents onto your personal account; it’s never yet caused a problem, but you’re aware it might.
In fewer than 40 years, computing has gone from Z80-based “portable” machines which required mains electricity to the ability, at the touch of a fingertip, to compromise your organization’s security entirely.
Some businesses developed mobile and smartphone policies which attempted to get around the dual-use role of most people’s cellphones.
Less than five years ago, it was a common sight for business types to be carrying a BlackBerry (secure, business-like and rather dull) as well as a touchscreen smartphone (for fun and personal use). But even this rather expensive sidestepping of a problem has been on the wane.
And the enterprise’s security measures have yet to catch up with the ubiquity of the single personal/corporate smartphone in the work environment.
Typical enterprise data repositories have shifted around a great deal too. Mainframes were briefly superseded by local storage (as the price of hard disk storage and RAM fell), then data moved into the corporate data center, where it could be controlled and protected.
Then, shortly after every employee began bringing their very own portable supercomputer into the workplace, the enterprise started to move its data into the cloud.
Or, to be more specific, multiple clouds: storage, unified communications, document management, ERP, CRM, HR – every service is now available on a monthly, pay-as-you-go basis, and data has become as spread out as its users’ possible locations.
In the endpoint security domain, what about unknown malware and how to best evaluate endpoint security solutions?
— Deep Instinct (@DeepInstinctSec) May 4, 2018
Protecting data in storage, in transit, and at users’ fingertips is presenting a new generation of challenges, and cybersecurity companies are having to react quickly, protecting endpoints (née clients) as well as shielding web applications via WAFs (née plain-old firewalls).
What business owners need to realize is that even if their companies don’t use even a single public cloud service (unlikely, though), their employees definitely do use plenty.
And every employee’s computing powerhouse (by Apple, Samsung, et al) attached to the corporate LAN is the same chunk of silicon that’s been jailbroken and used to download applications, plug-ins, and data (read “malware”) of a dubious nature – potentially, at least.
Our addiction to smart devices is leaving cybersecurity in some organizations looking like it’s designed for the Osborne 1 era, not the brave new world of the Galaxy Note8 and Amazon SageMaker.
If your cybersecurity policies extend only as far as a copy of AVG AntiVirus Free on every PC, you may wish to reconsider your position!
27 January 2023