Wisegate, a crowdsource IT advisory and research group, recently conducted a survey of senior IT professionals on the state of IT security. The results of this survey, shared on CSO Online, show that BYOD and the cloud are having the greatest impact on IT security planning, forcing a shift from protecting devices to protecting data.
The Wisegate report shows that 80% of respondents believe their top security risks (malware, data breaches and outsider threat) are increasing in the industry, but more interestingly, that the risks associated with malware and data breaches are likely to get worse because of BYOD and the increased use of cloud technology.
Many organizations currently struggle managing the onslaught of devices, trying to patch together systems to lock down devices or access to cloud services, a posture which inevitably both has cracks and the potential for employees to circumvent them. As the Wisegate survey notes, about 50% of organizations lack reporting procedures to measure existing security programs, so it becomes difficult to know if these programs are working or being circumvented. For example, what good is encryption if it can be bypassed?
This paradigm shift toward data-centric security management focuses on protecting corporate data and apps, no matter where it resides. At Absolute, we have been advocating for this same shift, further defining it as one that is user-centric, an approach that focuses on the end user and how they are using the device. By managing the data, and the risk at the user level, you have a stronger and more manageable security solution.
A user-centric approach to data security considers technology, internal processes and user education in the following ways:
Absolute Computrace can provide the endpoint controls necessary to constantly monitor the status of an endpoint, flagging suspicious activity when it’s detected. Moreover, persistent endpoint security technology to ensure that security software reinstalls if it is removed or damaged and will allow you to run encryption and anti-virus status reports to prove these solutions were in place and operational, an important element to prove data security compliance.