iPhone, Gmail and blogs - a corporate security nightmare
Fear consumer tech...
The use of consumer-based technology such as web email, instant messaging, smart phones and games consoles by employees is one of the most significant threats to corporate IT security.
Analyst companies Forrester and Gartner have both warned this week that the entrance of consumer technologies into the enterprise is impossible to eliminate and challenges traditional security models.
Consumer-based communications tools such as Hotmail, instant messaging and voice over IP are used by most employees, often from work and also as a way to transfer work materials to and from their PCs at home.
In a report, Gmail, iPhones and Wiis: Preparing Enterprise Security for the Consumerisation of IT, Gartner research VP Rich Mogull said: "Most organisations will find themselves unable to completely block these services, for cultural, if not technical reasons, but security options are available to limit the risks that consumer communications services create."
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
Blogs, social networking tools and other web 2.0 technologies are another risk for information leaks or as channels for malicious software and viruses.
Gartner advises organisations to configure content management and data loss prevention tools to monitor and block the release of sensitive content over HTTP and peer-to-peer network traffic and also configure the web gateway to block any services such as social networking not deemed suitable in the workplace.
The emergence of increasingly sophisticated media-centric consumer mobile handsets such as the iPhone can also be managed without a complete enterprise ban.
Security options for these devices include restricting the ability for unapproved devices or storage to connect to managed PCs and laptops, deploying an SSL (secure sockets layer) VPN to enable secure thin-client remote access to enterprise systems, and encrypting all approved mobile devices with access to sensitive data in case of loss or theft.
Forrester senior analyst Bill Nagel, speaking at the Forrester IT Forum in Edinburgh this week, added: "Not all information needs to be protected. Only put high-levels of security around data you cannot afford to lose. Consumer technology is very useful and is not going to go away."
Forrester highlighted Bluetooth, insecure home wireless networks and "evil twin" malicious public wi-fi hotspots as particular security risks to corporate IT security.
Nagel said: "Bluetooth is a security nightmare. Bluetooth traffic is rarely encrypted. One big problem is people just leave the security enabled by the phone, which is usually nothing. It is very easy to sniff Bluetooth traffic."
But Forrester said the use of consumer-based technology by employees also has many advantages and can lead to equipment cost savings, better back-up of corporate data, more flexible work conditions and improved collaboration.