Then, of course, laptops became popular. You could take your work with you anywhere you went. Funny thing, laptops became popular long before whole-disk encryption was even possible. What happened when you lost one of those? It all became moot a few years ago when anyone and everyone had a flash drive. Today, you can get a flash drive that has a terabyte of storage on it.
All these ways of moving data around have existed forever, yet we still focus on the endpoint. We care about that app or that device that the app runs on. "Mobile devices are insecure!" every vendor screams from the rooftops. App vendors start talking about encryption at rest; they of course encrypt the data while it's on your device. If you are really lucky, some talk about encryption while in motion (let's not get started on SSL, please -- that's not data encryption). These vendors all miss the point.
We have loads of technical debt built up in our legacy apps that drive our organizations and enterprises. We spend so much time focusing on the endpoint that we never take the time to look at the data as it resides at the start point. We should be taking care of our data through its whole lifecycle because you never really know where it's going to end up or how it's going to get there.
Let's start with the basics like encrypting our data while it sits in the data center. Let's build identification and authentication frameworks on which we can then base access to that data. Let's develop a system of encryption keys that are based upon identity and can be handed off to apps and devices as needed.
I know -- it sounds really difficult. It sounds expensive, too. There wasn't enough bandwidth, or people couldn't afford the CPUs needed to do things like encryption. But in this day and age, where everyone is using virtualization and can spin up a new instance in seconds, can we really say we can't do what's necessary?
The truth is it's much easier to worry about that endpoint. It's also easier to sell endpoint solutions. That works really well only until that endpoint is a Dropbox folder that someone placed a critical document in or a USB flash drive they copied it to.
There's no doubt I'm oversimplifying things, but if you aren't willing to look at the basics, how can you really sit here and worry about whether the device you are using is FIPS-certified or whether it uses 128-bit or 256-bit AES encryption when you just emailed that data to your Gmail account?
You know, once the horses are already out, it seems awfully silly to close the barn doors.
This article, "Fearmongers miss the point on mobile security," originally appeared at A Screw's Loose and is republished at InfoWorld.com with permission (© Brian Katz).