Our own Simon Cocking moderated a great discussion with Dug Song from Duo Security, Bill Mann from Centrify and Magnus Kalkuhl from Ionwalk at EnterConf last Friday. The topic was Identity Management to Identity Access Security, which is the management of individual users, their authentication, authorisation and privileges within limited areas or across system and enterprise boundaries. The main aim of this is to increase security and productivity whilst also decreasing cost, downtime and repetitive tasks.
Dug stated that for him the key issues are Shadow IT and BYOD. Shadow IT is where IT systems and IT solutions are built and used inside companies without approval. This can be a major security issue, especially if other departments in a company do not know of its existence and data may be taken without their consent and knowledge. BYOD (Bring Your Own Device) is where employees in a company use their own personal hardware in their job. If an employee is using their personal laptop or smartphone as their main laptop or phone, security breaches are more likely to occur. The security protocols on a company device will always be more stringent than on a personal device.
Bill commented that we are using too many apps and cloud services, and that we should make it easier and also more secure for the end user. The more apps and cloud services we use, the harder it is to keep track of what we are using, and the harder it is to monitor which apps and cloud services are accessing our data. Bill also mentioned that compliance is very important as it makes sure that we are all following the same security protocols.
Simon asked Magnus why he left Kaspersky, and Magnus mentioned that he wanted to create his own startup. The startup he created, Ionwalk, was set up using some of the security know-how he learnt whilst at Kaspersky. His company offers lifelogging for businesses, which is a personal productivity coach for your business that helps you get back on track if things go wrong, and any data shared is encrypted before it is uploaded.
Simon wondered how we can deal with the human factor and Dug gave his thoughts on this. The ways we use technology and the way the end users use it is a challenge. We have to make sure that we all use technology in a safe and secure way. Dug also mentioned that he works with highly diverse companies with different trust issues. The trust issues are contractor v employee, where you have to decide how much access to your systems to grant.
When it comes to building user experience, Bill stated that it’s a balancing act: making it easier for the user whilst also having good security in place. Simple sign on and multi-factor authentication are a must for users these days, and the end user’s device and location also play their part.
According to Magnus, everyone is responsible for security as what you do is in your name. You are accountable for anything that you do in your job, even if you have passed it on to someone else. There should be no weak links in the chain and the same security standards must be adhered to at all times.
Dug also spoke about future trends and noted that everything we used to use relied on Microsoft, but that has changed as we use mobiles more. Mobiles are more secure than the computers we used five years ago. He likened it to adding seat belts to a car and said that we are now building safer products.
Bill was very disappointed about how security is dealt with at the moment, and he wonders why security is added as an afterthought when it should be part of the OS from day one. When security is added as an afterthought it might not be as compatible as it should be. Security is now a personal thing for him as he is protecting the data of himself and others.
Magnus pondered that twenty years from now people will wonder how we survived, especially with the hardware that we are using at the moment. The computing power that we used to land man on the moon can now be found in a smartphone and also in wearable devices.
Dug enthused about mobile being a great environment, and as we are using mobile more and more it is bringing the reality of pocket computing into our daily lives. He also mentioned that Salesforce protect their data like a bank and we should do likewise.
Dug then finished off the discussion by reminding us that users offer the biggest risks and exposures, which is why they are targeted.