PRINT THIS PAGE The dissolving perimeter and the human factor
09/11/2005. Source:Israel Venture Capital Journal. Etay Bogner, cofounder of SofaWare
Venture capitalists will find that tomorrow's security solutions will differ from those in place today. In this IVCJ article, Etay Bogner assesses future security sector opportunities in light of the proliferation of mobile devices. Tomorrow's security solutions will differ from those in place today. Etay Bogner assesses future security needs in light of the proliferation of mobile devices and discovers that security is in the eyes of the beholder.
While the CIO/CSO knows that the current "stormy" security weather is just the beginning of the turmoil, the proliferation of security solutions often leads to a worst case scenario in which the corporate end-user possesses a false sense of security, taking a won't-happen-to-me approach.
Typical security breaches are due to connecting to unsecure networks, exchanging files via USB mass storage devices, using laptops for personal purposes, browsing the Internet and down-loading/ installing untrustworthy content/ applications, copying data to CDs and so on.
Consequently, the human factor is the weakest link in corporate security. It always was and, in all probability, it always will be. It becomes an even bigger problem when companies equip end-users with some sort of mobile device, especially a laptop.
Pervasive computing is upon us Enter the "new enterprise" described best as pervasive computing. In this brave new world everyone, everywhere is connected all the time. What does this mean?
Practically, it means that perimeter security solutions are no longer adequate simply because the enterprise domain is no longer an IT-controlled, physical, static, subnet edge-based inter-network of secure tunnels, but rather a virtual, dynamic, mesh-like network of discrete end-points, each operated by the corporate end-user. The perimeter is dissolved because of the mobile nature of the new enterprise.
Powering this change are point-to-point enter-prise productivity solutions like VoIP and collaboration tools. Indeed, those can be deployed in a central manner rather than meshed, but from a productivity point-of-view, it is easier to work in smaller groups than in a huge shared central space. Performance-wise, it is more logical to decentralize the enterprise and reduce infrastructure costs rather than support every conceivable enterprise workgroup scenario. Let them use the tools and procedures they prefer.
Back to security and the human factor. Since the CIO/CSO must treat each corporate end-user and his or her mobile device as untrusted (although probably non-hostile), network end-point security solutions must be designed in such a way that they provide autonomous managed security that cannot be compromised or circum-vented by the human factor. Thus, the security solution cannot be deployed only at the physical perimeter, but rather on each and every corporate mobile device.
What will such solutions look like? Today, the IT department deploys two or more end-point security solutions per corporate laptop. These include the mandatory anti-virus solution and a personal firewall/VPN client combo.
Obviously, more solutions may be deployed such as anti-spyware, host-based intrusion detection/ prevention solutions, etc. For the corporation, deploying and especially managing a multitude of security solutions is a nightmare. Those solutions usually come from different vendors, each with its own management system. Sometimes those solutions overlap in capabilities, and sometimes they interfere with each other. The total cost of ownership is very high.
My contention is that corporate mobile devices need a more secure environment as a whole, rather than discrete security solutions patched together. It should be like bundling black-box security with each mobile device, one that precludes tampering, is managed by corporate IT and can be defended from outside threats and threats imposed by the user.
Such a solution is hard to envision and come by, but it will be a necessity in the near future. Tomorrow's laptops will probably be able to replace desktops, for the most part, and provide much better corporate productivity combined with end-user satisfaction. The CIO/CSO must make note of the future security environment and start looking for solutions.
Etay Bogner is a cofounder of SofaWare, an appliance-based security company.
This article first appeared in the Israel Venture Capital & Private Equity Journal (IVCJ). IVC Research Center publishes the Israel Venture Capital & Private Equity Journal, a quarterly review of trends and developments in the Israeli-related venture capital industry. IVCJ, distributed worldwide, is dedicated to provide wide-range coverage of Israel's venture capital industry. For more information please visit www.ivc-online.com
|
