الاثنين، 9 فبراير 2015

Security Impact of People-centric IT

By Debra Littlejohn Shinder

When I first ran across the phrase people-centric IT, it sounded like just another industry buzzword that some marketing department had come up with. Technology companies seem to suffer from a compulsion to rename everything every couple of years. Heck, we’ve even renamed renaming; now it’s called rebranding.

Sometimes the motivation behind the change is clear: If a product or service doesn’t catch on, maybe labeling it with a catchier moniker will make it popular. It worked for the service formerly known as ASP, and then SaaS, which suddenly caught on when it became “cloud.” Other times, there’s a legal impetus; thus the transformations of Metro into Modern UI and SkyDrive into OneDrive. Other times, there seems to be no rhyme or reason. Microsoft changed the name of ISA (Internet Security and Acceleration) Server, its firewall that was gradually gaining a loyal following, to TMG (Threat Management Gateway) and then, a few years later, killed it.


People-centric IT is the new BYOD


So I was skeptical when I heard that BYOD was out and “people-centric IT” was in. Sure, it sounds friendlier, but what does it really mean? As I delved into it a little deeper and really thought about it, though, I realized that not only do these two names not mean the same thing – they can be construed as basically opposite in meaning. And the move to substitute the latter name just might signal a big philosophical transformation in our approach to IT.


photo by Joyce Hostyn, licensed under Creative Commons

BYOD = Bring Your Own Device. The focus is on the device, and that’s nothing new. The focus of IT has been on the computers since the beginning of business networking. And the focus of security has been about hardening our operating systems, tightening our perimeter controls, locking down our devices. Oh, we’ve given lip service to the users’ role in security, with mandatory security awareness programs and the like – but even there, it’s been more about how the users should configure their computers and devices than about the people themselves.


It's all about the User


Today, though, the hardware is becoming irrelevant. With cloud computing, in a mobile world, we can access our applications, web sites and data with any old device – company machines, personally owned desktops and laptops, tablets, smart phones, public computers – and it doesn’t really matter. The experience is converging into one and the same. Even the software matters less and less. We can do most of the same things on an Android phone or an iPad that we do on a Windows PC.
photo by Jeremy Keith, licensed under Creative Commons

This trend shows no sign of slowing down in the future. A security strategy that’s focused on the system or the OS will become increasingly difficult to manage, as more and more different brands and models running different versions of different software come into use in our “bring your own” world. And the old ways of implementing security aren’t going to work anymore in a business model where keeping end users happy (and thus more productive) take precedence over bending to the IT department’s wishes.


Security focus must change


Once upon a time, IT could hand down mandates and (most) users accepted them. That was then and this is now. A new generation of users grew up with keyboards at their fingertips and screens in front of their faces. They’re digital natives, and they aren’t willing to blindly accept the dictates of IT about how to use their devices – especially when they’re paying for those devices out of their own pockets. BYOD saves companies a good deal of money on the capital expenditures end, but it can cost a lot in security if you don’t seriously assess the implications of this new world order and adjust your security plan to adapt to it.

Technological controls are still possible and useful in a BYOD world, but they have to be implemented with more diplomacy, and perhaps with a certain amount of compromise. IT isn’t going to gain back the ironclad control that we once had; that horse is out of the barn. We can’t control people in the same way we controlled devices in the old days; we can’t treat them as company property. Today and for the foreseeable future, IT is all about the people – and ultimately, after all, protecting the people is what security is all about, too.

To find out more about mobile device security go here to read more about security in the cloud go to the  Security Section on CloudComputingAdmin.om



Author Profile

Debra Littlejohn Shinder, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.

She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and WindowSecurity.com, and has appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine.





ليست هناك تعليقات:

إرسال تعليق