Device security has evolved over the last 10-20 years. With new devices (employee-owned smartphones) and new technologies (SaaS and the cloud), the role of devices in modern work and the field and approaches to device security have shifted almost entirely.
Device security has always been a hallmark of a security program. In the past, say 15 years ago, the devices used to access work systems and devices were almost all company issues, configured, and owned. Today, this is still true of most computers that employees use. But, mobile devices (smartphones) are typically configured and owned by employees.
In addition, the software tools that are used to work have changed. Today, most software used for work are SaaS tools like Salesforce, Slack, Google Workspace, Microsoft 365, and the long tail of 1,000’s of SaaS platforms and niche SaaS tools. SaaS does not just mean the software is delivered over the web. It means the data that is used, manipulated / processed, and stored is done so by the SaaS vendors.
This change is significant because it changes how device security is done and it changes why device security matters.
The phone you have in your pocket or the laptop you use for work are primarily access points into your company systems. There may be some data stored on these devices but the real risk with these devices is that an attacker takes over your devices, likely with your knowing it, and can use your devices to gain access to company systems and data stored in SaaS applications.
In this new paradigm, your devices are primarily access points. There is much less sensitive data stored on devices today than 10-15 years ago. Encrypting your harddrive is still important but it’s much less important than it used to be because you have much less sensitive data stored on your device.
In this new world of SaaS, securing access to your devices is the most important facet of device security. This includes the basic things like passwords and biometrics to access your devices. But it also includes remote access through near-field connection and file sharing through things like Apple Airdrop.
Additionally, the traffic you send back and forth contains sensitive information between your devices and SaaS applications. Ensuring your connections are secure and trusted is essential to effective device security today.
Reframing endpoints and device security for modern work helps to prioritize interventions, security tools (such as endpoint protection platforms), risk management, and training. Endpoints today are not what they were in the near past. Updating your device security program to align with the new paradigm of remote access applications and data (SaaS) will help employees better understand the risk associated with their devices they use.
Haekka Training was was built for modern work. Our content aligns with the new paradigm in work - namely from anywhere via SaaS and with various devices - and the new ways in which endpoints, or employee devices, fit this paradigm.