Shifting Focus From Devices to Data
"It's about how you can protect information, not the device," Jaspreet Singh, CEO of Druva, an integrated endpoint backup solutions company, told eWEEK.
"What enterprises are trying to standardize on is data access, rather than managing devices, which are most likely iPhones and iPads, anyway. If you can standardize how data is accessed, the device won't matter," Singh continued. "If you're hung up on devices, you're fighting the wrong war."
According to Singh, the majority of data leaks are caused, often unintentionally, by insiders—an issue that won't be solved with mobile-device management (MDM).
"MDM is a basis," he said. "It will maybe provide a sort of initial obstacle and help to manage devices a little better. But the real problem is how to protect enterprise data at the document level."
The avenues along which a security violation might occur are seemingly endless, whether it's Facebook, Windows 8, Dropbox or a USB stick, Singh continued. "Information rights management [IRM] is the future of protecting data—that's my view."
Microsoft, which includes IRM in its Office 2013 and Windows Phone 8 software, describes it as a way of specifying access permissions to various content and preventing sensitive information from being printed, forwarded or copied by unauthorized people. If, for example, a sensitive email is forwarded to someone who hasn't been approved, he or she won't be able to read it.
"After permission for a file has been restricted by using IRM," Microsoft explains on its site, "the access and usage restrictions are enforced regardless of where the information is, because the permission to a file is stored in the document, workbook or presentation file itself."
Steve Bulmer, a principal consultant and strategist with data center solutions and services company Datalink, said he hears people shying away from the term "virtual desktop" in favor of "end-user computing."
"Whatever you call it, you have to manage getting the content to the end point, whatever that is," said Bulmer. A lot of that is likely to take place at the network-authentication policy level, he said. Companies will need to set up access criteria or a way to detect if a device is a trusted one.
Eventually, Bulmer told eWEEK, "I think people are going to use a master password to unlock individual passwords."
In the consumer space, Verizon, with Criterion Systems and other online identity and technology companies, is currently testing the feasibility of a single, highly secure user-password combination. The companies were recently awarded a government grant to test whether consumers would trust such a system.
"Our philosophy is to think about centralizing information. We think about it from a security perspective, from a content-delivery perspective and from a BYOD perspective. We don't want users saving information on their personal devices and taking it with them—we want them saving it to a secure space," Bulmer continued.
"Another challenge of BYOD is when you have a knowledge worker using his favorite device. How can I guarantee that person is taking care of the device? What if that person's kid spills Pepsi into the laptop? ... You need to centralize the data at the data center or in the cloud, not on the device."