From the early days when PCs began to take computing power away from mainframes and data started to become decentralized, securing that endpoint has been a challenge. Desktops moved to laptops, smartphones and tablets entered the business sphere and that “locally” decentralized data moved out of the offices with users working from locations where IT and security operations didn’t have direct control. Client/server applications gave way to web-based applications, introducing software-as-a-service, managed data centers shifted to cloud services, and the complexities of securing the endpoint compounded because the data continued to move further away from the direct control of business operations.
Yet even with all these changes in how users work with applications and data, businesses had time to adapt and build out plans for how to deal with it. Whether those plans were entirely effective or not isn’t what we’re talking about here (Forrester has reams of research on securing and managing the endpoint, applications, and user access). We’re living in a new world of business computing. Anywhere work has become the dominant approach to how employees access business applications. So now IT and security operations teams have to develop new plans for various scenarios — the distance between the users and the corporate data can vary day to day, depending on whether the user is in the office or outside it; or the applications accessed are in the data center or at a cloud provider; or if the app is one they manage or a SaaS app that is completely controlled by someone else.
Adding to the near vertical climb of current endpoint protection is the knowledge that many users, having been quickly thrown into the world of anywhere work recently, don’t have a complete understanding of what is needed to work securely when outside of an office. Forrester’s survey findings and research on information workers and their thoughts on their company’s cybersecurity approach should worry any SOC team. Add in that many home networks are relatively insecure and that the vast majority of business employees don’t have a background in cybersecurity and it’s no surprise that cybersecurity professionals are getting burnt out trying to overcome these problems.
This all raises a lot of questions. What can be done to protect the endpoints themselves? What technology exists or is emerging that can provide more protection than what you may be using now? What can be done to protect the modern endpoint — the browser? How can you engage the users in cybersecurity to show them how to work safely and securely in the new world of anywhere work?
Join me at the Forrester Security & Risk 2022 event in Washington D.C. (and virtually) on November 8-9 and we’ll look to answer these questions and provide specific guidance during my session Rethinking How To Secure The Anywhere-Work Endpoint. Learn more about the Security & Risk event agenda and learn how to register here.