From: SANS Institute
Introduction
The concept of a security maturity model is nothing new. What is new is that nowadays there’s a certain fluidity in the definition of an endpoint—and how that endpoint fits into a security model.
The “bring your own device” (BYOD) movement was the first shift in the traditional definition of an endpoint, with employee-owned mobile devices now in widespread use across enterprises. The definition is further expanding to include the Internet of Things (IoT), as new devices—even automobiles!—are increasing the attack surfaces of most organizations. Additionally, more organizations are moving their IT workloads to the cloud, leveraging both hosted and SaaS models. Meanwhile, most endpoint management solutions can’t keep up with traditional endpoints, let alone these new “things” coming online in today’s networks. Even platforms that were considered pure infrastructure a few short years ago now qualify as endpoints subject to exploitable vulnerabilities.
Leave a Reply