Joseph Souren
Wednesday, January 23, 2013

For some time, layering security software on top of a device has been the approach that thousands of enterprises (and software security providers) have relied on in their quest to protect information and evade network threats. It’s easy to see why – it’s the approach that’s been sold to them.

Yet, software security has never been the ‘one and only’ answer on its own. Hackers are clever people, with an increasingly sophisticated range of techniques to infiltrate the layers of software that secure a device. What has long been ignored, though, is the fact that devices already have security hardware embedded, it’s just not used.

Think about it like this: you buy a car. When a car is manufactured, bespoke safety specifications are designed for that model and then built in. You wouldn’t drive down the road and retrospectively fit another manufacturer’s seat belts and air bags – they wouldn’t fit or work as well. The same theory applies when securing the device, as each is manufactured with bespoke security embedded.

Rather than activating and managing this security, enterprises have been layering software security on top – this isn’t enough.