Recently, we talked about the failures of perimeter-based security in protecting data in an era where data is now spread across millions of access points that extend beyond the network. There was a time when you could control data with network controls to monitor incoming and outgoing network traffic, but that kind of mentality no longer applies when the endpoint is quite-literally walking outside your office in someone’s pocket.
In a recent report, Gartner analysts John Girard and Brian Reed examine how typical security defenses fail in mobile settings because they are focused on protecting boundaries rather than the information itself, and employees are just as likely to ignore those boundaries (read more about the complexities of the Insider Threat). As noted in the graphic above, hackers are exploiting vulnerabilities and networks and systems and employees are readily bypassing endpoint securities by sharing information to unsecured email or cloud accounts, creating a steady information leak that needs to be stopped.
In the report, Data Can Move Without Leaking — Eliminate Four Flaws in Your Mobile Information Protecting Strategy, Gartner plans a roadmap to improve data security by shifting to an information-centric security posture. The report indicates that defense of information is often overlooked or deemed “unfriendly to users and administrators,” but that it doesn’t have to be.
To move forward, Gartner recommends shifting to this information-centric approach that assumes all information be company-only, that it’s still likely at risk (even with at rest encryption and in motion encryption / VPN), that breaches happen to everyone and that more layers of protection are always a good thing. As the report indicates, there is no “downside” to creating an information-centric approach to data security.
Gartner outlines the fundamentals of mobile information-centric security as:
The report recommends that the best protections are ones that enable information sharing while being non-intrusive to the end-user. Having a persistent connection to a device, and the data it contains, is just another non-intrusive layer of protection that organizations can rely upon. To read more about how you can support data on the move, read the Gartner report or reach out to us here at Absolute.