Building the security bridge to the Millennials

Taylor Armerding | Feb. 11, 2014
The younger generation's desire to be connected all the time expands the attack surface. But experts say enterprises can, and should, manage the risk.

"Using cloud infrastructure eliminates planning guesswork since scale is automatic," Dearing said, "because there is no software or hardware to install and manage in the datacenter."

He added that data center overhead can be eliminated through the use of cloud-based services such as Google Apps, Salesforce and Box. "But a note of caution -- most security containers do not permit the flexible use of these services," he said.

Stamos calls the cloud "the Wal-Mart of IT services. It allows companies to specialize and bring huge saving of scale and cost to end users and business."

And use of it is, essentially, mandatory, he said. "There is no choice. Anyone who doesn't want to get onboard the train, will simply get run over by it. Just remember 'ETC ETC': Embrace The Chaos, Embrace The Cloud."

But, he and others say enterprises need to manage their use of the cloud with security in mind. "Legacy applications should be located in hardened data centers, and isolated from employee network. No direct connection should be allowed, apps should be published in Citrix or VDI (Virtual Desktop Infrastructure) solutions," he said.

"All corporate data at rest on any computer or devices should be encrypted on local device storage, classified, with full DLP (Data Loss Prevention) instrumentation and single click revocation."

Finally, there is the "human factor" -- the risks that employees bring to enterprise data through carelessness, lost devices or simple vulnerability to phishing or other attacks.

HP's Moyer said it starts with training. "Keeping employees up to speed on emerging risks helps," he said. "Since Millennials are more technology comfortable, they tend to like having a deeper understanding of how attacks are initiated and will gladly share their knowledge with their communities and co-workers."

Dearing said he conducted an informal poll among some of his daughter's friends, who fit the Millennial profile. He said they all took security seriously, "but sometimes for personal reasons, such as the protection of their privacy."

According to one of them, "Your employees are your #1 security risk. Two-factor authentication is a must for remote systems access (and) online workplaces. Social networking if encrypted. It's not my emails I'm worried about, it's the email addresses of all my customers."

But Stamos contends that employees, rather than being the highest security risk, "are the key to solving the problem," if enterprises train them properly. "When IT treats people as the weakest link, they behave that way," he said.

"The only solution is an accountability based model, where employees have the responsibility to protect the data and the freedom to share it as needed. It's how our society works.

"We have a duty to educate our end users, give them the responsibility, and hold them accountable for their actions," he said.

 
