iPhone, Gmail and blogs - a corporate security nightmare

Fear consumer tech...

By Andy McCue, 15 June 2007 15:48


The use of consumer-based technology such as web email, instant messaging, smart phones and games consoles by employees is one of the most significant threats to corporate IT security.

Analyst companies Forrester and Gartner have both warned this week that the entrance of consumer technologies into the enterprise is impossible to eliminate and challenges traditional security models.

Consumer-based communications tools such as Hotmail, instant messaging and voice over IP are used by most employees, often from work and also as a way to transfer work materials to and from their PCs at home.

In a report, Gmail, iPhones and Wiis: Preparing Enterprise Security for the Consumerisation of IT, Gartner research VP Rich Mogull said: "Most organisations will find themselves unable to completely block these services, for cultural, if not technical reasons, but security options are available to limit the risks that consumer communications services create."

Blogs, social networking tools and other web 2.0 technologies are another route for information leaks and another channel for malicious software and viruses.

Gartner advises organisations to configure content management and data loss prevention tools to monitor and block the release of sensitive content over HTTP and peer-to-peer network traffic, and to configure the web gateway to block any services, such as social networking, not deemed suitable in the workplace.

The emergence of increasingly sophisticated media-centric consumer mobile handsets such as the iPhone can also be managed without a complete enterprise ban.

Security options for these devices include restricting the ability of unapproved devices or storage to connect to managed PCs and laptops, deploying an SSL (secure sockets layer) VPN to enable secure thin-client remote access to enterprise systems, and encrypting all approved mobile devices with access to sensitive data in case of loss or theft.

Forrester senior analyst Bill Nagel, speaking at the Forrester IT Forum in Edinburgh this week, added: "Not all information needs to be protected. Only put high levels of security around data you cannot afford to lose. Consumer technology is very useful and is not going to go away."

Forrester highlighted Bluetooth, insecure home wireless networks and "evil twin" malicious public wi-fi hotspots as particular risks to corporate IT security.

Nagel said: "Bluetooth is a security nightmare. Bluetooth traffic is rarely encrypted. One big problem is people just leave the security enabled by the phone, which is usually nothing. It is very easy to sniff Bluetooth traffic."

But Forrester said the use of consumer-based technology by employees also has many advantages and can lead to equipment cost savings, better back-up of corporate data, more flexible work conditions and improved collaboration.

Comments

There are 2 comments.

  1. anonymous

    No, the real issue is TRUST, mixed with a little education.

    Some (very small) percentage of employees will always do deliberately malign things - and find a way, whatever is put in place.

    Some (pretty small) percentage will do unwise things through ignorance or error.

    Most employees, most of the time, behave sensibly and responsibly and can be trusted to be so.

    If you want a decent workplace and a decent company act on this basis rather than letting paranoia and control freakery cause you to adopt a "control and restrict all" attitude.

    I worked in an organisation that banned external IM and various other external facilities, such as access to web cams, for perverse and irrational reasons. The most telling comment I heard came from a lady colleague with little interest in technology who simply wanted to keep in occasional contact with a sick relative - "this tells me the company do not trust me, not just about this, but about my conduct in general. It tells me their words about the importance of family and work-life balance are hollow PR and not meant."
    Quite so.

  2. MusicFan

    I fail to see why the first word in the title of this report should be "iPhone".

    It's just the latest in a long line of smartphones capable of large storage and as such does not warrant such prime positioning.

    This is old news that we have all known for some time, just with "iPhone" thrown in.

    Nobody seems to be concerned with the massive security hole provided by FTP which has been around for years... but the iPhone, which isn't released yet... Big security fear!

    Perhaps this is just another method of advertising the (ahem) "revolutionary" next Apple product.
