Protecting Corporate Data in the Age of Consumerization

The battlefield of protecting corporate data has been shifting towards employees’ consumer devices and services that are only partially, if at all, controlled by the employer’s IT security staff. Bruce Schneier highlights this trend as a counter-point in the article Should enterprises give in to IT consumerization at the expense of security? As Bruce points out,

The meta-trend here is consumerization: cool technologies show up for the consumer market before they’re available to the business market. Every corporation is under pressure from its employees to allow them to use these new technologies at work, and that pressure is only getting stronger. Younger employees simply aren’t going to stand for using last year’s stuff, and they’re not going to carry around a second laptop. They’re either going to figure out ways around the corporate security rules, or they’re going to take another job with a more trendy company. Either way, senior management is going to tell security to get out of the way. […] Either way, it’s going to be harder and harder to say no.

This is another reminder that corporate IT security teams are but one component of the complex ecosystem that makes companies function.

Always saying “no” has already given many security professionals a bad name. The challenge, of course, is to figure out out how to say “yes” while working within the context of the organization’s overall risk management framework… if such a framework exists at all.

Lenny Zeltser

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds creative anti-malware solutions as VP of Products at Minerva. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more