Is end point security a waste of time?

This article is part of the Business IT Series in association with Intel

The first board member at your organisation to walk through the door with an iPad did the IT team a massive favour. Put bluntly, there was no longer an argument. They had to ease the purse strings on your requests to fund management and security systems to go with your enterprise mobility projects.

With a Forrester Group survey of 10,000 information workers finding that a quarter of devices used for work are now smartphones or tablets, not laptops or PCs and that half of all workers are using three or more devices to do their job, the challenge is growing.

Those trying to lock down every possible device, from a private smartphone to a company laptop, may face a losing battle. Similarly, securing every network, from VPNs to WiFi hotspots is beyond the capability of a centralised IT department. Security experts are therefore moving their focus away from the device and the network and on to the data.

Encryption has been around for a long time, but it is usually reserved for special cases of data, such as sensitive medical records or financial transactions. Applied more broadly, it can act as a catch all deterrent to hackers by rendering data worthless for re-sale, security experts argue. This takes the pressure off securing networks and devices.

However, an order of magnitude extension of encryption policy is not without its overheads. At the moment encryption keys are managed at the application or server level, whether that is for email, database or on the laptop. IT departments need to introduce a corporate policy to distribute escrow and revoke keys; otherwise the process could become unmanageable.

Tokenisation offers a second option for companies wanting to protect data. Here, all or part of the sensitive data is replaced by a token, which can be exchanged for the real data, held in a secure location. It is widely and effectively used in the card payment industry, but relatively new to the wider corporate world.

A third option, masking, hides real data by scrambling it to create a new data string, while retaining the properties of the original data, although it is only useful during development and testing.

While there are strong arguments for taking a more strategic approach to protecting business data, it is not time to throw out the firewall and anti-virus software.

Even without data theft, viruses can clog up infrastructure and consume IT resources, and hackers can cause untold damage to corporate reputation, as well as disruption to IT assets. As such, renewed focus on data security becomes one more weapon in the fight against cyber vandals and criminals.

For more on this topic visit the Intel IT Center »