The use of personal devices and access to externally hosted applications such as Dropbox continues to grow yet it is concerning that few organisations have the security infrastructure in place to protect the resultant spike in business critical data in motion. What are the options? While some companies have attempted to lock down access, that is far from practical. The reality is the growing Shadow IT phenomenon where users are either choosing to access unauthorised applications and/ or IT is simply ignoring the activity creating ever-greater security risks.
The traditional VPN model simply no longer works – any hacker that does gain access via a VPN basically has an open door in to the company’s most sensitive data. The alternative is user-specific encryption that essentially transforms the complexity of traditional remote worker secure access. This ‘know your user’ model addresses the two key requirements of today’s security landscape: firstly, it provides a central location to identify ’authorised’ or ‘unauthorised’ users and, secondly, an opportunity to define specific encryption policies for each user based on the applications they are allowed to access. Essentially, this extends the centralised user management approach with secure data in motion to provide end-to-end control over the data each user can access and how that should be secured.
Rather than the multiple layers of authentication required to access the diverse applications used on a daily basis, the user-specific encryption reduces the cost, management and risk associated with multiple security layers and, critically, reduces the ‘accidental criminal’ risk the holes in security created by frustrated end users breaking a company’s security policies by using the same password for every system or illicitly using their own devices. Taking this approach, an organisation can easily roll out new applications to users, enable BYOD – and remove the danger of Shadow IT.
Duo Security RSAC 2015 – Register to win a free Quadcopter
By Paul German, VP EMEA, Certes Networks