We have all heard the marketing saying ‘less is more’, and when it comes to IT security the same applies. Fewer devices and services are far easier to manage and secure. Early in the new millennium the mainstream computer was born with the release of Windows XP, which became the de facto standard and is still widely used today.
Ten years ago laptops were clunky, slow, heavy and expensive, and USB sticks had low storage capacity and were also pricey. Most people only had a desktop computer, which was easier to control since they only had to secure it against electronic threats ... a desktop is more difficult to steal than a slim, lightweight laptop.
When more affordable laptops came along, they needed to be secured not only against hackers and/or malware but also physically. A laptop is a portable computer and can hold the same amount of data as a desktop. If one is lost or stolen you have not only lost the data but also run the risk of it being leaked out to the wider world. Along with portability comes Wi-Fi, which makes interception a problem, especially in cafes, hotels and airports.
A few years on, sales of USB flash drives, USB hard drives, CDs and DVDs are booming, which facilitates the quick transfer of data to external devices that are small and easier to lose. Electronic attack is no longer the issue ... loss or theft is a big problem since, unlike a laptop, no security is built in by default.
The ‘noughties’ gave the world problems enough with the explosion of USBs and laptops. Today the craze is smartphones and tablets where the problems are two-fold: loss and/or theft and electronic attack. These days everyone, it seems, whether at home or work, wants a tablet ... progress this may be but no one is thinking about the poor IT manager and head of IT security.
Many IT managers and security managers admit that BYOD (bring your own device) does not work or that the costs outweigh the positives. And there is always going to be the senior manager who flouts the rules while the IT manager has to turn a blind eye. There is only so much an IT manager can implement and control.
No single IT manager can know everything, nor cope with it all. Having multiple types of devices means countless management consoles: tracking, firewall, antivirus, DLP, encryption, MDM and so on. More really does mean less control and a decrease in security.
With more threats appearing on smartphones and tablets, the situation will only get worse. By letting staff have it their own way, problems and their management will simply get more difficult as the likelihood of more leaks or infections increases.
BYOD is not always a great option and handing out company smartphones may work out cheaper and easier in the long run since control is easier. By the time companies have forked out for consultancy, installation and licensing, it may be cheaper to simply buy a bunch of encrypted USB flash drives and hand them out instead.