Beyond the Hype of Consumerization of IT, Part I: The Data

Security3 minutes readOct 4th, 2011

Yes, consumer technology is raging a war against the enterprise, creating a demand for CIO’s to grant access to precious network resources from devices the employee owns. However, many are quick to grab the magic quadrant technology (read: devices) to solve the problem without looking holistically at the situation. What really needs to happen to address this consumer trend and what happens when the next new widget hits the marketplace?

Organizations Continue To Treat Their Data The Same Way As They Have For The Past Decade.

Thinking you can just throw technology to solve the problem is never the answer. Put up a moat, install the firewalls, batten down the routers, secure the remote access, build up the defense in depth 4-zones and that should be it. Right? Wrong. Yes, you’ll need technology, but it can’t be the only thing you do to solve this growing problem.

Look at the Architecture Holistically.

By thinking about what needs to change you might quickly find that you have no clue where your data is, where it’s going and who’s accessing it. The National Institute of Standards and Technology, Special Publications series (NIST SP Pub) lays out a sound plan.

  • Identify your assets, meaning what devices want to connect to the network or get access to the data.
  • Categorize your data (Federal Information Processing Standard FIPS 199) into assurance level – low, moderate and high.
  • Find the right security controls to apply to the data based on this categorization.
  • In some cases building a co-location model will be the safest way to ensure your controls are appropriately applied.

So what do you gain by doing this?

  1. Money. You’ll cut costs by putting a tiered structure in place. Essentially you stop paying for a lot of security on data that just doesn’t matter, and applying that money to the business critical data.
  2. Innovation. You transform your data center and ready it for the next technology trend.
    1. By moving your data into a co-location model you ease the burden on your engineers who are responsible for daily security operations.
    2. Enable your auditors to focus only on those systems they’re really interested in (keep them out of things they don’t need to see).
  3. Efficiency. Allow a more streamlined approach to application modernization targeting your plans around data you need to get out to mobile devices with the right level of security baked in.
  4. Scalability. This new framework will allow you to re-bake security into the architecture which has likely, over time, become porous and vulnerable.
  5. Protection. You can now protect the most valuable data from exposure based on a new set of security standards.

Stay tuned for Beyond the Hype of Consumerization of IT, Part II – The device, the role.

Tags-   Data protection iPhone Mobile Mobile devices Security Smartphones