
Security gets a makeover (part 2)

Tuesday, February 8th, 2011

Yesterday, I talked about types of enterprise security and disruption due to remote access – using consumer-liable devices.

Now we come to the latest disruption, which is actually two disruptions I am merging into one. First is the surge of mobile devices. When I described the previous disruption, the consumer-liable device, I was for the most part talking about a user’s home laptop or PC. So while it was not a device that matched a standard IT image, chances are there were plenty of similarities to that standard IT image.

Now, IT is faced with requests to allow access to numerous types of smartphones and tablets along with laptops and PCs. We’ve talked about the productivity benefits of allowing this type of access, and I don’t think that is in question. However, this is a pretty significant security disruption, as organizations see the challenges of trying to centrally manage access when many of the edge security solutions have not kept up: firewalls and VPNs that don’t support the plethora of devices out there. That means IT is faced with the choice of blocking access from unfamiliar devices, or allowing access with less visibility than they are accustomed to.

Now, the second part of my two-part disruption: the applications themselves moving from the LAN to the cloud. While the cloud offers tremendous benefits in how organizations efficiently manage applications and costs, it does become a security disruption. Traditional edge devices can’t manage access when both the access point and the application itself never send their traffic through the edge. Combine this with the fact that organizations are replacing LAN-based applications that had centrally managed access with multiple cloud-based applications that each have individually managed access. That can add complexity in how access is secured and managed, even while reducing complexity and costs in the organization’s IT infrastructure.

So what is an IT organization to do? Clamp down and restrict access?

That is really not an option if you want to remain competitive today; most organizations are embracing the cloud and embracing mobile devices. However, is it efficient to embrace this new paradigm by trusting that these new devices are more secure, and trusting that all of the different cloud-based applications themselves are secure? Going from managing access centrally to managing access by device type and application? Are we trading efficiency in managing our data centers for inefficiency in managing security? That is the question.

While I do think devices themselves are inherently more secure, and that the cloud offers certain standards in how you can manage the security of the connection, I do think we are facing a new wave of secure authorization that is not set in stone. Until then, what do you do? I think the best thing to do is ride the wave the best you can.

Train and trust your employees. Shift the control point to the Internet. While embracing all of the different types of devices, ensure those devices have a common base level of security: things like a common authentication format, data encryption, and data wipe capabilities. Make sure that by embracing the cloud you are not weakening security. Many cloud applications allow methods to integrate with your authentication standard, so your employees are not faced with managing different password policies across all of the different cloud-based applications.

That being said, this is easier said than done. I’d argue that most people reading this probably agree there are good ideas here, but have yet to implement many and have probably implemented a piece here and a piece there. There is still a lot of complexity. I think that complexity will breed innovation that we’ve started to see in pieces, but not in its entirety. I do think iPass has a role here, especially as we help manage access at the device and communication layer.

Ultimately, I think security will be similar to what we’ve always seen: security managed at the application, edge and device, with much of it centrally managed at the edge. It’s just that each of these three components in the future will look a lot different than they did 10 years ago.

Let me know what YOU think.

 

 
