Wednesday, January 23, 2013

Security update



With a Forrester Group survey of 10,000 information workers finding that a quarter of devices used for work are now smartphones or tablets, not laptops or PCs, and that half of all workers are using three or more devices to do their job, the challenge is growing.
Those trying to lock down every possible device, from a private smartphone to a company laptop, may face a losing battle. 
Similarly, securing every network, from VPNs to WiFi hotspots, is beyond the capability of a centralised IT department.
Security experts are therefore moving their focus away from the device and the network and on to the data.
Encryption has been around for a long time, but it is usually reserved for special cases of data, such as sensitive medical records or financial transactions. 
Applied more broadly, it can act as a catch-all deterrent to hackers by rendering data worthless for re-sale, security experts argue.
This takes the pressure off securing networks and devices.
However, an order-of-magnitude extension of encryption policy is not without its overheads.
At the moment encryption keys are managed at the application or server level, whether that is for email, database or on the laptop. 
IT departments need to introduce a corporate policy to distribute, escrow and revoke keys; otherwise the process could become unmanageable.
Tokenisation offers a second option for companies wanting to protect data. 
Here, all or part of the sensitive data is replaced by a token, which can be exchanged for the real data, held in a secure location. 
It is widely and effectively used in the card payment industry, but relatively new to the wider corporate world.
A third option, masking, hides real data by scrambling it to create a new data string, while retaining the properties of the original data, although it is only useful during development and testing.
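
To make the difference between tokenisation and masking concrete, here is a small sketch added for illustration (it is not from the original post). The names `TokenVault` and `mask` are hypothetical, an in-memory dictionary stands in for the secure location, and the card number is a constructed sample value.

```python
import secrets
import string


class TokenVault:
    """In-memory stand-in for the secure location holding the real data."""

    def __init__(self):
        self._real_by_token = {}
        self._token_by_real = {}

    def tokenise(self, value: str, keep_last: int = 4) -> str:
        """Swap all but the last `keep_last` digits for random digits."""
        split = len(value) - keep_last
        if not value.isdigit() or keep_last < 0 or split <= 0:
            raise ValueError("expected a digit string longer than keep_last")
        if value in self._token_by_real:  # one stable token per value
            return self._token_by_real[value]
        while True:
            head = "".join(secrets.choice(string.digits) for _ in range(split))
            token = head + value[split:]
            if token != value and token not in self._real_by_token:
                break
        self._real_by_token[token] = value
        self._token_by_real[value] = token
        return token

    def detokenise(self, token: str) -> str:
        """Exchange a token for the real data; unknown tokens raise KeyError."""
        return self._real_by_token[token]


def mask(value: str) -> str:
    """Scramble a string, keeping length, character classes and separators.
    No mapping is stored, so the original cannot be recovered."""
    out = []
    for ch in value:
        if ch.isdigit():
            out.append(secrets.choice(string.digits))
        elif ch.isalpha():
            pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            out.append(secrets.choice(pool))
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"  # constructed sample value, not real card data
    token = vault.tokenise(pan)
    print(token, vault.detokenise(token) == pan, mask("AB-1234 xy"))
```

The token can circulate through ordinary systems because only the vault can turn it back into the real value, whereas the masked string has no way back at all, which is why it suits development and test data.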
While there are strong arguments for taking a more strategic approach to protecting business data, it is not time to throw out the firewall and anti-virus software.
Even without data theft, viruses can clog up infrastructure and consume IT resources, and hackers can cause untold damage to corporate reputation, as well as disruption to IT assets. 
As such, renewed focus on data security becomes one more weapon in the fight against cyber vandals and criminals.
