The Greatest Threat to IT Security – Is You

Dell Data Protection - from smartphone to the cloudIn the security world, it’s easy to get caught up in the publicity generated by the next big digital security threat. It could take the form of a spearfishing attack or Java exploit, or involve state-sponsored espionage or criminal organizations as sophisticated as nation-states.  Amid the spin and reality of our ever-changing threat environment, we sometimes lose sight of the most likely and controllable security threat of all – the “Oops!” moment.  These moments lead to the most significant data breaches, compliance busts and economic hardships for organizations, and happen in ways that IT administrators face on a daily basis:

  •  “I lost my smartphone”  
     
  • “Someone stole my laptop”
     
  • “I left my PC in the taxi”

Gathering data on security breaches is notoriously difficult because targeted organizations are loath to publicize details of hacker exploits.  The best data set I’ve seen comes from the Department of Health and Human Services, which publishes a database  describing every major healthcare breach compromising patient data.  What’s notable about the dataset is the prevalence of these “Oops!” moments.  According to the Department’s database, thefts and other losses of computer hardware led to 72 percent of breaches in the healthcare space.  What’s more, end user devices like PCs, mobile phones and removable media are far and away the most common sources of breach, leading to 53 percent of all data breaches. We need to be vigilant of the emerging threat landscape, but we can’t forget that simple human error is far more likely to catch up with us than the next ring of highly organized hackers.

This brings me to new “Oops!” moments we are likely to see this year.  Users storing data in Cloud services such as Box and Dropbox may become likely targets.  Organizations love these services because of the efficiency, collaboration and cross-platform document sharing they enable.  Everything from insecure passwords, to poor decisions about sharing data, to the choice of what to load up to the services represent big potential “Oops!” moments for end users and their sensitive company data.

More than a year ago, the Dell Data Protection | Encryption team began working to give organizations more control of end user data—even data stored in emerging cloud services.  With this week’s launch of Dell Data Protection | Cloud Edition, organizations now can encrypt data before it is transmitted to cloud services for storage (which allows users to collaborate the way they want using cloud storage services, Box and Dropbox, while simultaneously protecting and securing corporate information).  By controlling their own equipment end to end, organizations can more easily demonstrate compliance and embrace Cloud storage services.  Just as important, organizations can ‘wipe’ encryption keys owned by employees who have left the organization, rendering all of their data inaccessible, even data that resides far outside the firewall and in the public cloud.

To address the “Oops!” moments that involve smartphones and tablets, the Dell Data Protection | Mobile Edition also is now available and expands our security offering to Android and iOS mobile products. It provides comprehensive protection by helping ensure IT remains in control of data accessed on smartphones and tablets running Android and iOS operating systems. By offering central management and reporting, IT has greater visibility and control thus reducing the compliance workload and the risk of a data breach. Dell Data Protection | Mobile Edition, is easy to manage and transparent to end users. IT can easily set policies and restrictions across the enterprise, conduct remote wipes and manage profiles – all from a single console and without compromising the end user experience.

Dell is committed to helping our customers protect and secure their corporate data and do so without adding IT complexity. With these new encryption offerings,  Dell Data Protection | Encryption solutions protect data wherever it goes – laptops, desktops, tablets, smartphones, external media and the cloud – with the highest level of protection commercially available for system disk encryption with optional Hardware Crypto Accelerator. We’re focused on helping our customers remain in compliance by providing pre-set templates and policies that make it easy to meet regulations, and our solution saves time because it works seamlessly with existing IT tools and processes.

Ultimately, an effective, end-to-end security strategy is one in which organizations deploy solutions that protect inside-out and outside-in. At Dell, we’ve taken a holistic approach to security and strongly believe it’s time for organizations to refocus technology resources to drive connected security.

For more information on Dell Data Protection and how it can benefit your organization’s overall security efforts, please visit Dell.com/encryption.   

About the Author: Darren Shimkus