A New Security Model Where Users Rule

The year is just beginning, but flurries of security predictions for 2015 are already ringing true. Premonitions about data destruction and third-party breaches from WIRED’s Kim Zetter and others are proving to be spot on. In the wake of the recent Anthem breach, we can rightfully say that 2015 is shaking out to be the year of ‘data security headlines’.

Here’s the good news: there’s no need to panic. But there is an immediate need for a new approach to security.

From Sony to Home Depot to Target, we’ve seen a gathering tsunami of breaches that have come to a head in just the last six months. To face these challenges head on, organizations need solutions that will enable the kind of privacy they require, while still being able to utilize the services that they rely on to do business.

As a recent Reuters article points out, these breaches also offer a chance for younger, nimbler companies, like Veradocs, to not only offer new techniques for protecting data and outwitting attackers, but also deliver an entirely new security philosophy. We couldn’t agree more. It’s also imperative that this fresh, new approach centers around empowering the user to share and work securely, because security without user adoption is no security at all. Here’s a few guiding principles I’d like to throw out for the industry to consider as we craft this philosophy:

  • If It Isn’t Usable, It’s Not Security: Sharing data should be easy, but legacy vendors make it cumbersome, leading to low adoption rates and wasted spend. As an industry, we must also accept that spending all of our time securing perimeters and endpoints is pointless because sensitive files and data escape regardless. Cloud services today sell the world on storage security, but associated files are difficult to track once they leave the system. Consequently, it’s extremely common for employees today to envision enterprise security as a roadblock and find workarounds for their email, personal devices and the cloud. Security will only be effective if it’s highly usable for employees and trackable for the enterprise no matter where the data goes.
  • An IT for the People: As Okta CEO, Todd McKinnon, pointed out in Re/Code, “In order to unlock the opportunity for “people-centric” experiences and to realize the new kinds of business value those experiences can generate, IT leaders need to re-prioritize, understanding their people — employees, customers and partners — and their needs first.” I couldn’t have said it better myself. Today’s users are inspired by the technology they use at work and in their personal lives. If companies don’t make tools intuitive and simple for end-users, they will be ignored, putting everyone at risk for potential leaks and security hazards. We are seeing whole movements spring up around the concept of User-Centric IT (www.usercentricIT.com) and at Veradocs, we couldn’t agree more.
  • A New Relationship Between Data, People and Devices: The reality is that most people use a variety of apps and services to do their daily work, including email, Dropbox, Box, Google, Microsoft, and so on. Today, business challenges aren’t about organizing data, but defining its relationship with this new world that blends several user-centric platforms. It’s imperative for solutions to offer a flawless user experience, access control for the enterprise and data loss protection for all to make a true impact on the security of modern business. At Veradocs, that’s exactly what gets us up in the morning.

For security-focused enterprises like Veradocs, Okta, FireEye, Illumio and others, today’s data protection challenges should be viewed as an opportunity to inject usability into the enterprise security conversation. A chance to deliver solutions that protect people, proprietary data and the integrity of both equally. We will triumph in our efforts to overcome data security challenges if the industry brings a fresh perspective and cements users as a focal point for innovation.

Written on February 18, 2015
by Robin Daniels
Tags:
  • BYOD, 
  • Industry, 
  • Security