As companies make more use of consultants, freelancers, and contingent employment, in addition to work from home and BYOD, sensitive data is being found on more roaming endpoints. Endpoints are frequently shared with private and other employer data. This mix of data complicates any attempt to protect it. For organization that make use of cloud applications, protecting the data at the endpoint is even more difficult, since there are no network perimeters to help protect the endpoint.
InfoSec and compliance is a well-established market. For most organizations it consists of a stack of enterprise applications including a mix of technologies such as data loss prevention (DLP), encryption services, identity management services, discovery services and other solutions.
This stack of products works well for users inside the network. For users outside the network (such as remote employees, freelancers, consultants, contingent workforce and other Gig economy employees) the stack can’t be deployed, thus creating unmanaged endpoints from an InfoSec perspective. The main reasons are:
Lack of support for user devices (BYOD): These devices are shared with other employers and the employees own personal information. A Chinese wall separating the employer’s info from other information is needed.
The technologies depend on network services: Due to the risk posed by their potentially infected devices and to network performance issues, transitory employees are rarely afforded access to required services.
High TCO of pushing out and managing the stack: Stack systems are hard to push to and configure at endpoints (a problem usually addressed at internal employees by using a corporate image).