The line between enterprise software and personal tech is blurring

Posted at Jan 14, 12:00h in cybersecurity Richard Gall, Marketing Categories: cybersecurity, data-protection, infosec, privacy, Enterprise-Technology

When I read a piece on The Verge recently that teens on the social media platform are embracing workplace collaboration and productivity app Notion I simply smiled at the absurdity. Given current circumstances, it wasn’t really that surprising — if anything it was just nice to see that for once, a news story could be weird without feeling like there was something dangerous or transgressive at play.

After some reflection, however, I started thinking about the way in which the lines between enterprise software and our personal lives are blurring. This is, of course, really just a consequence of pandemic home working. The BYOD trend might have been with us for nearly a decade but the last ten months or so really have made our personal devices our professional ones.

There are, however, real consequences to all this. Clearly, there are urgent issues about work life balance that need to be addressed, and the impact on our health (mental and physical) must be considered. But the recent Solarwinds incident illustrates the way in which the modern software ecosystem is fluid, and how it makes us all vulnerable, in whatever context we find ourselves in — at work, at home, or, indeed, out and about and on the move.

The benefits and drawbacks of tech’s fluidity

This fluidity of today’s technology ecosystem is both a benefit and a drawback. On the one hand our ability to move seamlessly between applications, to access them whenever and wherever we want is something that few of us will want to give up in either our personal or professional lives.

But, the Solarwinds attack is a timely reminder that this fluidity and convenience comes at a cost. The infrastructure that allows software to work at great scale, speed, and availability, is one that is highly distributed, made up of an intricate ecosystem of platforms and tools. Many of these are invisible, but this increased complexity introduces unpredictability and greater security risks.

One element of this complexity is us. Complex software might be built to meet human needs but even the most sophisticated systems cannot be designed for every single possible use case. They cannot adapt in real-time to new errors and incidents that no one could have accounted for.

To put it another way, often we are risk vectors. Whether we’re joining a work network on a new device, or we forget password hygiene, we are sometimes the unsuspecting vessels through which malicious actors can implement attacks.

But equally, these blurred lines can make us susceptible to attacks too. Although it’s true that cyber criminals are more likely to target large companies or government agencies, if they are able to launch attacks on individuals at scale, then personal IT users immediately become a much more attractive proposition.

Indeed, there are many things we can do to minimise these risks. But the purpose of this piece isn’t to list all of them out. You probably already know most of them already.

What is important to remember is that there are no boundaries between your personal and professional IT. And, what’s more, this isn’t simply because you happen to be using the same laptop for work as your personal life; it’s also because the platforms and tools that we take to be part of personal IT are embedded and built on enterprise IT. This means that corporate vulnerabilities are your vulnerabilities. Your vulnerabilities are corporate ones too.

Time to ditch the personal and enterprise distinction?

Perhaps we just need to ditch the distinction between enterprise software and personal IT.

These terms make us think that both move in very different domains, designed in different ways to do different things. Instead, we should start seeing our personal IT as enterprise software and our enterprise software as personal software.

Only if we do that will we be able to better defend what matters to us and ensure that we can remain as productive, happy, and content as most of these products tell us they can help us become.


Previous Post

What is adaptive security?

Next Post

What 2020 has taught us about data protection