If security pros had their way, they’d make laptops so secure they’d be virtually unusable. Protecting against every imaginable attack, not to mention the fallibility of the human connected to the laptop, is a battle we keep losing. Seventy percent of successful breaches happen at the endpoint. So it’s either keep layering the security stack or abolish laptops altogether—because they run counter to a secure enterprise.
On the flip side, the workforce views endpoint devices as a marvelous, immutable extension of self: the computers they carry are magical devices that transform mere mortals into digital superhumans—giving them speed, power, boundless knowledge and connection. Take away that muscular machine, and employees will rebel.
Are endpoints awesome or evil?
I look at the conundrum between IT and the workforce as the classic good vs. evil story. The looming threats are disorienting, but if IT takes the right approach, they can give “analog” humans what they want AND protect the enterprise too.
The first step is accepting reality: the Haddon matrix, the most commonly used paradigm in the injury prevention field, says you plan for a disaster by planning for its three phases: pre-disaster, disaster and post-disaster. The presumption is that disaster is inevitable.
How does this translate to IT? Through acceptance that the world is inherently dangerous, by blocking and tackling to address known issues, and by planning for pre-disaster, disaster and post-disaster to limit risk.
Survive in the wild with a simple plan
My session at the Gartner Catalyst Conference 2015—called Mitigate Risk Without Multiplying the Tech Stack—is about the first commandment of IT: thou shalt have a copy of data in an independent system in a separate location. But more than that, it’s about using the backup agent already on employee laptops for additional tasks. Once the data is stored, IT can use it to rapidly remediate and limit risk following a breach and to protect against insider threats. IT can even add backup sets from third-party clouds—where employees sync and share data—to a centralized platform, where all the data can be protected and used to recover from any type of data loss.
Data security is a combination of protection, detection and response. As Bruce Schneier says:
You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.
What I tell IT and infosec pros is this: focus on what you can control and leverage what you have. Instead of deploying a new agent every time you need to block a behavior or protect against a threat, wrap protection around the data with real-time, continuous data capture.
With this approach, you give employees their magical machines while staying focused on data recovery, visibility and forensics, as well as security and analytics. Now instead of good vs. evil, it’s win/win.