Consumer-tech use threatens corporate security

Introduction to the enterprise of technology such as web email, VoIP and social networking challenges traditional security models, analysts warn

The use of consumer-based technology such as web email, instant messaging, smartphones and games consoles by employees is one of the most significant threats to corporate IT security.

Analyst companies Forrester and Gartner have both warned this week that the entrance of consumer technologies into the enterprise is impossible to eliminate and challenges traditional security models.

Consumer-based communications tools such as Hotmail, instant messaging and VoIP are used by most employees, often from work and also as a way to transfer work materials to and from their PCs at home.

In a report, Gmail, iPhones and Wiis: Preparing Enterprise Security for the Consumerisation of IT, Gartner research vice president Rich Mogull said: "Most organisations will find themselves unable to completely block these services, for cultural, if not technical reasons, but security options are available to limit the risks that consumer communications services create."

Blogs, social-networking tools and other Web 2.0 technologies are another risk for information leaks or as channels for malicious software and viruses.

Gartner advises organisations to configure content management and data loss prevention tools to monitor and block the release of sensitive content over HTTP and peer-to-peer network traffic and also configure the web gateway to block any services such as social networking not deemed suitable in the workplace.

The emergence of increasingly sophisticated media-centric consumer mobile handsets such as the iPhone can also be managed without a complete enterprise ban.

Security options for these devices include restricting the ability for unapproved devices or storage to connect to managed PCs and laptops, deploying an SSL (secure sockets layer) VPN to enable secure thin-client remote access to enterprise systems, and encrypting all approved mobile devices with access to sensitive data in case of loss or theft.

Forrester senior analyst Bill Nagel, speaking at the Forrester IT Forum in Edinburgh this week, added: "Not all information needs to be protected. Only put high-levels of security around data you cannot afford to lose. Consumer technology is very useful and is not going to go away."

Forrester highlighted Bluetooth, insecure home wireless networks and "evil twin" malicious public Wi-Fi hotspots as particular security risks to corporate IT security.

Nagel said: "Bluetooth is a security nightmare. Bluetooth traffic is rarely encrypted. One big problem is people just leave the security enabled by the phone, which is usually nothing. It is very easy to sniff Bluetooth traffic."

But Forrester said the use of consumer-based technology by employees also has many advantages and can lead to equipment cost savings, better backup of corporate data, more flexible work conditions and improved collaboration.