Information security: Least resistance and perdition
What brought this to mind were some of the comments and correspondence I received in response to last week's column, which contended that for the most part, BYOD happened in spite of IT when we should have been actively sponsoring it instead -- a detail most companies can still fix.
Some of the less enthusiastic and approving comments expressed concerns about the consequences of both data theft and any failure to comply with the various regulatory regimes that require strong security. Far be it from me to come out in favor of data theft or regulatory noncompliance. No, no, no -- you definitely want to protect your data and comply with the relevant regulations.
You just need to be smart about how you do so; when the subjects are information security and compliance, the path of least resistance and the road to perdition are one and the same. It's how you join the Value Prevention Society -- as pointed out last week, the easiest way to achieve information security perfection is to disconnect from the Internet, disable the USB ports, and otherwise do everything possible to make any transfer of bits from one computer to another impossible.
When it comes to bits, information security understands that every single one is a potential threat. In this respect, information security isn't wrong, just as it's true that from the perspective of personal safety, every human contact you make is a potential threat.
Most of us respond by trying to maintain a sane balance between prudent caution and an enjoyable social life. Those in the forefront of information security have started to take an equivalent approach. In particular, as an increasing amount of system access comes from outside corporate facilities -- from teleworkers, business partners, and customers -- the trend toward focusing on asset protection far more than hardening the perimeter is immensely important. That is, companies get a lot more security from encrypting database columns and laptop hard drives than from upgrading the firewall yet again.
Offline VDI: Liberty and safety
From a BYOD perspective, there's another technology, now mature enough for prime time, that deserves your close attention: VDI, especially "offline VDI."
In case you aren't familiar with the term, offline VDI is just what it sounds like. It maintains a central image of each user's virtual machine, but that image is downloaded to the user's personal computer and executes there. Whenever the user reconnects to the corporate network, the server resynchronizes with the local copy, uploading any changes (including data edits) made by the user while downloading any centrally administered alterations, such as software patches and antimalware updates.