Let’s Talk About Securing the Device
In my previous blog post, I touched on the key variables influencing how we approach device security. In this blog post, I’ll focus the discussion on securing the device. Before I do, I want to touch briefly on what was a key take away for me from last month’s RSA conference in San Francisco. This year, the focus was more on big data, the collection of data from connected devices, and analysis of that data to identify malicious or unusual activity. This is absolutely the correct approach to pro-actively and pre-emptively identify security threats, but it is important to remember that if the device that is providing the data is not secure, you cannot trust the data the device is providing, and most importantly, you cannot trust the device to carry out the actions that the data analysis indicates is required.
At a very high level, I approach security, and security decisions, from two different points of view. You can either secure the network infrastructure, or you can secure the devices that attach to that infrastructure and communicate with each other. While nobody would argue that great security requires securing both the infrastructure and the devices, there are different considerations that come with both approaches.