Andrés Kohn began the interview with Dave & Bill, with the analogy, “Although Proofpoint targets mid to large enterprises with our security operations, the problems we are helping solve are the exact same problems that all of us face at home every day.”
Too often, there is a false sense of security that consumers are less desirable to cybercriminals, and the need for security concerns are less important. “What do I have that would interest a cybercriminal to want to hack me, is a typical response”. However, as we fast approach 4–5 billion mobile devices connected to broadband, and each mobile device comes loaded with its personal consumer services, it becomes a threat to the security of Enterprise networks.
We wrote about security vs. convenience, we discussed it with previous guests, but today, Andrés sheds some new light on the topic.
“I think like everything in life, anytime there is a great new tool and a great new opportunity, comes greater risk and responsibility”, said Andrés Kohn.
We are in the midst of it now, Samartphones/Social Media vs. Risks/Responsibilities. Consumer services are actually better than enterprise services, and individuals are pushing in favor of personal mobile technology that makes his or her job easier. Unfortunately, ITs are challenged to adapt to repeated requests for the rapid employment of third party services creating additional risks and concerns for ITs and the Enterprise networks they protect.
The question becomes how IT security adapts to the onslaught of consumerized ITs in the work place, while assuring data security and allowing for productivity of its employees.
In its 2011 Consumerized IT Survey conducted in conjunction with Osterman Research of 632 respondents from enterprise to government agencies, found that 84% of ITs allow for the use of consumer tools, iPads, Facebook, Twitter, etc. or other consumer services to conduct business communications. What is being done about allowing for the use of these consumer services?
Trust alone that personnel will do the right thing, or know the right thing to do, is no longer a viable solution, it has become too difficult. Today, trust needs to be accompanied by policy and technology, a three-pronged approach. The survey indicated that 73% have policies in place that include trust as to how these devices and tools should be used. In addition, 51% of those surveyed implement strategies that leverage policy, technology, and trust to help monitor and provide security around these consumer services.
“Trust will always be an essential part of any security and compliance strategy. However, it is encouraging to discover that half of those polled know that trust alone will not provide an effective defense”, stated Michael Osterman, principal of Osterman Research, Inc. Fortunately, only 11% are relying on employee good judgment alone, or in other words have their heads stuck in the sand.
“We” the users of consumer technologies are slowly recognizing that each of us has a role in the safety and security of one another. More than ever the term, “Divide & Conquer” takes on a new perspective in the global technology wars between the cybercriminal and you.
In many instances, we are our own worst enemies, and kept at bay with our own apathy towards security. If we are too inconvenienced by an additional click of the mouse that adds another layer of security we are only dividing ourselves and making it easier to be conquered.
Andrés Kohn throughout the interview adds a great deal of perspective and insight to his earlier comment that what is discovered bettering the security of the Enterprise network only enhances the security and well-being that the consumer faces at home every day.
Listen here to the show; what Andrés Kohn shares with all of us is well worth your time:
Your CyberHood Watch Partner,
david c ballard
Radio Security Journalist