Author: Chris Roberts, Chief Security Architect, Acalvio
I get asked a LOT about endpoint security and how/what companies (and individuals) should do. Before we go down that rabbit hole, I’m going to make my feelings clear (easier that way). Endpoint security is currently crap; it’s useless and it’s another god-awful Band-Aid that we are applying to the ever-increasing gap between technology and humans. There I said it, and I feel better now.
Now that I’ve made that statement, let’s examine why endpoint security is just a temporary solution.
Right off the bat, what the hell IS an endpoint? Is it your iPhone/Android or the Nest at home that has your schedule, contact list and probably some of your E-Mail on it? Is the endpoint your car? It has contacts, calendar and apps embedded or downloaded to it. It talks with your phone and shares various elements of life with you to ensure you stay up to date on life, and where to take the kids on Saturday – which baseball field/dance practice etc.? What about the car you rented last week in Atlanta? The very same one I got yesterday which still has YOUR profile on it, including your contacts, calendar and preferences (I DO like the music selection you listened to while heading to that client meeting….) That’s one of the first things I do nowadays when I rent a car; see who was in it beforehand. Companies are meant to delete that data, most forget…and let’s face it many people reading this probably didn’t realize they HAD to remove their profile!
How about the Alexa system in the house “helping you?” These virtual home assistants open an ENTIRELY different set of challenges because we now have a ready-made bridge between your corporate data AND your personal data that’s NOT hardwired. Let alone the “learning” the system does by basically recording and filtering everything it is listening to, and yes it has a “safe” word; but let’s face it, we can break into most things you buy from Best Buy. Do you think the Alexa is any different? Oh, and let’s not forget the fact it can be called up as a witness against you in a court of law. What’s next? The microwave testifying that you slammed the door on the fridge thereby causing mental stress?
What about the virtual systems you are now integrating into your social life? Fed up with the dating scene and now turning to virtual friends? Making friends on World of Warcraft? What if you had a bad day at work and yelled at the virtual partner, told them all about the crappy client meeting and how the CEO smells moldy? Obviously, the virtual friend needs to learn appropriate responses and feeds all of this into a database sitting on a cloud somewhere. Think of it as a cauldron with everything about you in it, and there are three witches sitting around it watching you…sound familiar?
Is the endpoint all of these? Yes!
Is the endpoint extending beyond the recognizable boundaries of use, either via our work or our home? Yes!
Is this JUST the start of the tidal wave of digital/virtual/physical integration? Yes!
Have we reached a point where the “traditional view” of endpoints should be consigned to the annals of history? Yes!
How do we manage this; how do we ensure the integrity and security of the data?
We take the humans OUT of the equation.
It is as simple as that!
We’re not capable of making sufficiently informed decisions about the ever-changing world around us to ensure the integrity of the data that is entrusted to us. We have elements of machine learning and Artificial Intelligence already coursing through the very fabric of our personal and business lives. It is time to surrender and hand whatever vestiges of privacy we still cling to and simply let the machines make a more informed AND likely better decision about what IS safe for us to do/use/click than we can do ourselves. After all, they have all our data, they have a better understanding of what and who we are; therefore just sit back, plug in and let them do their jobs.