So the common response on how to handle big problems has always been the old adage of how to eat an elephant – one bite at a time.
For most problems (and I presume, pachyderm gastronomes too) this seems to work well. However, we’re facing a set of challenges for which that wisdom may no longer apply. As businesses work to realize the potential of cloud, mobility and BYOD, and overcome the security impact of each, it seems like simply breaking these up and attacking them one at a time is unworkable. This elephant needs to be swallowed in one, painful, mouthful.
The reason for this? While these may appear at first blush to be quite distinct trends, they are actually inextricably linked. While we may be thinking about how to manage the security impact of mobile devices, they are increasingly tied to cloud services (iCloud anyone?). Likewise, the cloud services that the business user wants to spin up and start using will often be accessed directly from a whole slew of mobile devices (and user-owned mobile devices at that).
Simply trying to make the cloud “secure” while ignoring the problem of mobility and consumerization may provide the temporary warm glow of achievement, while actually leaving the organization just as exposed as before.
I spent some time earlier this month at the Cloud Security Alliance Annual Congress in Orlando. While I was there I managed to catch a session by Cesare Garlati from Trend Micro. Although he was discussing the release of the latest research from the CSA on mobile data security, he made much the same point: you really can’t split apart security thinking for mobile devices and security planning for the cloud.
Everything is linked, and that shouldn’t come as a surprise. Endpoints, cloud services, and data – managing them is essentially the same problem. Because what ties all this together is the business need to enable people to get access to information. And that access is coming from a huge (and growing) array of devices, while the data is sitting on an even larger (and growing even faster) range of services.
Whether it’s accessing a SaaS application from your desktop, or a consumer cloud storage provider from your smartphone, the goal, and the challenge, is the same: get my users access to the data they need, and keep everyone else out. Everything else is window dressing. We can’t afford to make the mistake of focusing on one element at the cost of the others. Devices, services and mobility are simply the details; the real challenge is keeping data available and secure.
This brave new world is demanding a new way of thinking – a new focus and a new approach. Maybe, given how unsuccessful the old way was, that might not be a bad thing, either.
Even if it means swallowing the elephant all at once.