Well, when I say that the Home Directory is dying; I mean that it is probably moving and with it some problems are going to be caused.
As I wander round our offices, I often see a familiar logo in people’s system trays; that of a little blue open box. More and more people are moving their documents into the Cloud; they really don’t care about security, the just want the convenience of their data where ever they are. As the corporate teams enforce a regime of encryption on USB flash-disks; everyone has moved onto Cloud-based storage. So yes, we are looking at ways that we can build internal offerings which bring the convenience but feel more secure. Are they any more secure? And will people use them?
I suspect that unless there are very proscriptive rules which block access to sites such as Dropbox, Box, Google Drive and the likes; this initiative will completely fail. The convenience of having all your data in one place and being able to work on any device will over-ride security concerns. If your internal offering does not support every device that people want to use; you may well be doomed.
And then this brings me onto BYOD; if you go down this route and evidence suggests that many will do so..you have yet more problems. Your security perimeter is changing and you are allowing potential hostile systems onto your network; in fact, you always probably did and hadn’t really thought about it.
I have heard of companies who are trying to police this by endorsing a BYOD policy but insisting that all devices should be ‘certified’ prior to being attached to the corporate network. Good luck with that! Even if you manage to certify the multitude of devices that your staff could turn up with as secure and good to go; that certification is only valid at that point or as long as nothing changes, no new applications installed, no updates installed and probably no use made of the device at all.
Security will need to move to the application and this could mean all of the applications; even those familiar applications such as Word and Excel. Potentially, this could mean locking down data and never allowing it be stored in a non-encrypted format on a local device.
The responsibility for ensuring your systems are secure is moving; the IT security teams will need to deal with a shifting perimeter and an increasingly complicated threat model. Forget about updating anti-virus and patching operating systems; forget about maintaining your firewall; well don’t but if you think that is what security is all about, you are in for a horrible shock.
