I hate airport security. The endless lines. Taking off your shoes. And your jacket. And your belt. Pulling all of your gadgets / laptops / tablets out of your bag, throwing away your toothpaste because it’s oversized, being scanned by mysterious scanners, being patted-down by strangers, answering security questions about your visit at 6AM after a red-eye flight. The fun never ends.
Airports weren’t always like that. In 1955, someone blew up a plane by placing a dynamite bomb in luggage. This kicked off a series of security measures by airports and counter-measures by terrorists over the years. The authorities in charge of securing airports added (amongst other things) armed security guards, psychological profiles, x-ray and metal detectors, security questions, restrictions on liquids and full-body 3D scanning. And yet, in 2019, more than 60 years later, terrorists are still able to sneak a bomb into a plane and trigger an explosion.
We waste countless hours as passengers worldwide, dedicate an army of security and logistics personnel to handle all of this security, not to mention the many billions of dollars spent just in the US alone on airport security. It feels like terror won, not by doing harm, but by wasting our time and resources on security measures that have questionable ROI.
In a sense, end-user computing devices have gone through a very similar journey. If you’re working for a large company, you probably suffer from a counter-productive, security-inspired user experience on your corporate devices.
Here’s just one day in my previous life working for a large tech company. If I ever attempted to work remotely, I had to first wait for a dozen endpoint security/IT agents to launch, then login with one/two/three factors of authentication, then try to connect to the network, kicking off the VPN agent that blocked the WiFi landing page. If I did get connected, I got blocked by the corporate web proxy when trying to do some research on the web (and of course, I couldn’t listen to Spotify over the corporate VPN). Downloading that important file from my client wasn’t going to work as they were using Dropbox. Installing that Zoom add-on to share my screen in a meeting wasn’t possible as no installations were allowed (and the other party couldn’t connect to our Webex service). Then an anti-virus scanner woke up to do a full scan of my disk, bringing my endpoint to a full stop. That thumb drive I needed to get my presentation from? Nope, couldn’t plug it in, that’s just corporate policy.
The news is full of similar organizations that have all of these restrictions and agents in place but still get breached. Through a user’s device. Just look at the infamous Wannacry outbreak that reached 200,000 in 150 countries in just a few days. It makes one think that cyber-terrorism won.
We spend an infinite amount of resources on endpoint security (a quarter of the entire IT spend on security, according to Gartner) – including endpoint agents, ineffective VDI solutions, patching and updating the humongous software base on endpoints, setting policies, analyzing alerts with dedicated security analyst teams, etc. We also waste countless hours of employee productivity, create frustration – and in some cases lose our employees – all because of outdated controls and restrictions that do not stop persistent attackers. Something has to change in our fundamental approach.
Unlike airport security, endpoints can be radically, and easily, transformed to be secure-by-design. It’s entirely possible to have an architecture that withstands any OS or app vulnerability, while actually allowing users to get more done, unleashing their productivity and innovation. Securing the corporate crown jewels no longer has to be a lose-lose situation for users and security teams, or a binary decision of “allow” or “block.”
With Hysolate, you can seamlessly split a user’s laptop into two virtual machines running side by side: the locked-down corporate world and an unlocked world. Everything the user does runs in one of those virtual machines, as if he had two laptops on his desk – just without the physical barrier. It all looks and works like a normal Windows machine so that it’s easy to use even for the most non-tech savvy people. Sensitive corporate apps and websites automagically run in the corporate world and all of the other stuff runs on the unlocked world. This lets organizations free their users while being able to withstand endpoint breaches, since they can’t touch or impact sensitive information.
Luckily, end-user devices are not like airports. Hysolate lets enterprises remove many of the hurdles standing in the way of users and gain the upper hand against remote and inside attackers, so that cyber-terrorism does not paralyze our way of life.