Tuesday, November 8, 2011

Bring Your Own Device? Secure the Data

Inevitably there has been a growth in the numbers of personal devices being brought into the workplace. And they are data friendly, such as smart phones and tablets. Some companies are handling this trend as though the devices were company property, despite the fact they have no right to do that and fundamentally their efforts are doomed to failure. .

The answer lies in an approach that has been right for some time even before the infiltration of personal devices. Data Centric Security.

Under data centric security, the focus of the security policies and procedures is the data and not the devices. This has been the right way to go because data is increasingly more mobile and it is difficult if not impossible to know where it is at any time. So the data itself needs to be secure so that it doesn't really matter where it is.

The key to data centric security (no pun intended) is encryption. It's not the only element - attention still needs to be paid to systems - but it's the most important one because with encryption, data cannot be read by unauthorized people no matter where it is. This approach is essential with the proliferation of devices, including storage devices like memory sticks, but even more essential for managing data security in the age of BYOD.

See this article, for example.

No comments: