- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
CSO - President Bill Clinton talked about building a bridge to the new millennium. With that bridge now 14 years in the rear-view mirror, the challenge for enterprises is to build a security bridge to the Millennials who are flooding the workplace.
By now, the list of the "totally connected" generation's employment expectations is familiar:
It all sounds like a productivity dream, undercut by a potential security nightmare. The attack surface of multiple personal devices that comingle personal and corporate data would appear to be both wide and deep.
But experts say employers can and should -- must -- embrace the productivity without jeopardizing security, with a combination of technology and accountability. It's just that there are varying opinions on what the right combination is, and what is involved.
Nick Stamos, CEO of nCrypted Cloud invokes a religious -- actually, non-religious -- image. "The enterprise needs a network-agnostic, device-agnostic, app-agnostic approach," he said, adding that the corporate network that employees use, "should be considered untrusted, and open to anyone onsite."
Stamos rejects Virtual Private Network (VPN) connections, arguing that only SSL (Secure Sockets Layer) connections should be allowed to any corporate systems.
"Login to all corporate systems and data should be controlled through SSO SAML 2.0 (Single Sign On, Security Assertion Markup Language) integration. Where possible, multi-factor authentication should be required," he said.
But Chris Moyer, global chief technologist, HP Enterprise Services, argues that while, "VPN used to be a 'nice to have' it's now a 'have to have' for any organization that wants to keep its employees satisfied, productive and secure (because) many of the systems developed in the past do not have enough data segregation or role-based access built in."
But "data segregation" appears to be a key goal for the future. Another theme from experts is that enterprises need a mobile device strategy that, "focuses less on the device and more on applications and data. That will provide the enterprise with the security that it requires while giving workers the freedom and flexibility that they want," according to Dan Dearing, vice president of marketing, MobileSpaces.