Protecting Corporate Data in the Age of Consumerization

The battlefield of protecting corporate data has been shifting towards employees’ consumer devices and services that are only partially, if at all, controlled by the employer’s IT security staff. Bruce Schneier highlights this trend as a counter-point in the article Should enterprises give in to IT consumerization at the expense of security? As Bruce points out,

The meta-trend here is consumerization: cool technologies show up for the consumer market before they’re available to the business market. Every corporation is under pressure from its employees to allow them to use these new technologies at work, and that pressure is only getting stronger. Younger employees simply aren’t going to stand for using last year’s stuff, and they’re not going to carry around a second laptop. They’re either going to figure out ways around the corporate security rules, or they’re going to take another job with a more trendy company. Either way, senior management is going to tell security to get out of the way. […] Either way, it’s going to be harder and harder to say no.

This is another reminder that corporate IT security teams are but one component of the complex ecosystem that makes companies function.

Always saying “no” has already given many security professionals a bad name. The challenge, of course, is to figure out out how to say “yes” while working within the context of the organization’s overall risk management framework… if such a framework exists at all.

Lenny Zeltser


About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more