Dell Panel: BYOD, IoT Increase Security Challenges
So in this new world of bring-your-own-device (BYOD), mobile workers and the cloud, in what direction should security evolve? According to the panelists, it should be in all directions. Ferguson said a key focus should be on developing ways to better containerize the data—make it so that the sensitive corporate data on a smartphone or tablet, for example, is kept separate from the personal information on the device and controlled by the IT department. "You can't contain the person, but you can contain the data," he said, adding that the "data needs to be self-protecting.""Over the next few years, it's going to be about protecting the data, not devices, not networks," Sweeney said. However, others argued that the focus of security should be more than just about the data. "You need to do everything," said Roger Kay, principal analyst with Endpoint Technologies Associates. "You need the belt and the suspenders." Jon Ramsey, Dell fellow and CTO of Dell SecureWorks and executive director Dell SecureWorks CTU, agreed. "It's important to talk about the security of devices even if the data is protected," Ramsey said. The responsibility for security essentially will fall on everyone, from the business people and their employees to the product makers and the software developers, the panelists said. Device makers and software developers need to start thinking about security from the start, they said. Too often the focus during the development cycle is more about what the product can do rather than making sure it is secure. It's a matter of simplicity vs. complexity, as well as money. At the least, security should be a "part of the discussion before you put the product out the door," Dell's Brown said. The problem is that it's those cool—and maybe not-so-secure—features that help sell products, Ramsey said. "If you have a product manager who can have 10 unsecure features or five secure features, they're always going to choose the 10, and probably get seven," he said. Security should be inherent in software, and the risk-vs.-profit discussion needs to be rethought in order to make security not only a key part of the end product, but a selling point, Ferguson said. There needs to be a basic awareness around security. "People are becoming program literate," he said. "They need to be security literate."
Patrick Sweeney, executive director for Dell SonicWall, agreed.