Layered Protection for a Mobile Business

Managing the Changing IT Landscape: Consumerization Security

By Chris Peters, member of the Intel IT Center

A recent InformationWeek article by Tom Quillin reminds me that the security landscape is in a state of constant change. IT must figure out how to secure and manage a multitude of mobile devices on increasingly diverse platforms. And the key word is “mobile”—employees often want to work at any time, from any location, with data that’s accessible from the company network, the Web, or the cloud. It’s a boon to business productivity, certainly, but it means that IT must secure a moving target.

I recently had a chance to contribute to an Intel IT Center planning guide, Consumerization Security for the Changing Enterprise, which offers some insight on protecting this environment.

[Image: 5 layers of security protection]

The guide explains how hardware-enhanced security can provide layered protection across five security perimeters of your business, from gaining network access to remediating problems quickly when they occur.

  • Network – Use authentication technologies to provide access only to known, trusted users.
  • Platform(s) – Stop attacks and protect online transactions with added protection below the operating system.
  • Applications – Guard against escalation-of-privilege attacks and secure virtualized models.
  • Data – Protect sensitive business data with faster full-disk encryption and anti-theft capabilities.
  • Remediation – Remotely diagnose, isolate, and repair infected clients in any operational state.

Intel IT deploys dynamic trust to balance security and productivity

Intel’s own IT group deals with the same challenges as other organizations—finding that balance between security and the flow of information. Intel IT works to deliver layered protection with a “Protect to Enable” security strategy that includes a dynamic trust model.

This trust model adjusts information security controls and access to information based on several factors, such as the employee’s authentication method, the application they want to use, and the “trust level” of their device. It also considers their connection point. Are they onsite or on a public network? How secure is the connection? Intel IT also uses this model to decide when and how sensitive data and services can be moved into the cloud.
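A minimal sketch of such a graduated decision, built from the four factors named above (authentication method, application, device trust level, connection point) and set beside a binary control for contrast. This is an added illustration, not Intel IT's implementation; the factor labels, scores, thresholds and the `allow-restricted` outcome are all assumptions.

```python
from dataclasses import dataclass

# Assumed ordinal scores (0 = untrusted, 3 = most trusted) for the factors the
# post names. The labels and values are illustrative, not Intel IT's.
AUTH = {"password": 1, "password+otp": 2, "smartcard": 3}
DEVICE = {"unmanaged": 0, "personal-enrolled": 1, "corporate-managed": 3}
NETWORK = {"public-wifi": 0, "vpn": 2, "onsite": 3}
# Assumed minimum trust each application requires.
APP_MIN_TRUST = {"cafeteria-menu": 0, "email": 2, "source-code": 3}


@dataclass(frozen=True)
class Request:
    auth: str
    device: str
    network: str
    app: str


def trust_level(req: Request) -> int:
    """The weakest factor caps trust; unknown values score 0 (fail closed)."""
    return min(AUTH.get(req.auth, 0),
               DEVICE.get(req.device, 0),
               NETWORK.get(req.network, 0))


def decide(req: Request) -> str:
    """Graduated decision: full access, reduced access, or none."""
    # An application with no policy entry is treated as most sensitive.
    required = APP_MIN_TRUST.get(req.app, max(APP_MIN_TRUST.values()))
    level = trust_level(req)
    if level >= required:
        return "allow"
    if level == required - 1:
        return "allow-restricted"  # e.g. view only, no local copy
    return "deny"


def binary_decide(req: Request) -> str:
    """The older model for contrast: any valid login gets everything."""
    return "allow" if req.auth in AUTH else "deny"


if __name__ == "__main__":
    # Constructed requests: same user and app, different device and network.
    for r in (Request("smartcard", "corporate-managed", "onsite", "source-code"),
              Request("password+otp", "corporate-managed", "vpn", "source-code"),
              Request("smartcard", "unmanaged", "public-wifi", "source-code")):
        print(r, "dynamic:", decide(r), "binary:", binary_decide(r))
```

Taking the minimum across factors means strong authentication cannot compensate for an untrusted device or network, which is the behavior a binary control cannot express.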

I find this approach pretty interesting, as it is very different from the binary security controls we have used for decades.

Do you look at information security with a layered approach to protection? Do you think dynamic controls can apply in your business environment?
