Consumer Based Technology Is A Corporate Security Nightmare

The use of consumer-based technology such as Web e-mail, instant messaging, smart phones and games consoles by employees is one of the most significant threats to corporate IT security. Analyst companies Forrester and Gartner have both warned this week that the entrance of consumer technologies into the enterprise is impossible to eliminate and challenges traditional […]

The use of consumer-based technology such as Web e-mail, instant messaging, smart phones and games consoles by employees is one of the most significant threats to corporate IT security.

Analyst companies Forrester and Gartner have both warned this week that the entrance of consumer technologies into the enterprise is impossible to eliminate and challenges traditional security models.

Consumer-based communications tools such as Hotmail, instant messaging and voice over IP are used by most employees, often from work and also as a way to transfer work materials to and from their PCs at home.

In a report, Gmail, iPhones and Wiis: Preparing Enterprise Security for the Consumerization of IT, Gartner research VP Rich Mogull said: "Most organizations will find themselves unable to completely block these services, for cultural, if not technical reasons, but security options are available to limit the risks that consumer communications services create."

Blogs, social networking tools and other Web 2.0 technologies are another risk for information leaks or as channels for malicious software and viruses.

Gartner advises organizations to configure content management and data loss prevention tools to monitor and block the release of sensitive content over HTTP and peer-to-peer network traffic and also configure the web gateway to block any services such as social networking not deemed suitable in the workplace.

The emergence of increasingly sophisticated media-centric consumer mobile handsets such as the iPhone can also be managed without a complete enterprise ban.

Security options for these devices include restricting the ability for unapproved devices or storage to connect to managed PCs and laptops, deploying an SSL (secure sockets layer) VPN to enable secure thin-client remote access to enterprise systems, and encrypting all approved mobile devices with access to sensitive data in case of loss or theft.

Forrester senior analyst Bill Nagel, speaking at the Forrester IT Forum in Edinburgh this week, added: "Not all information needs to be protected. Only put high-levels of security around data you cannot afford to lose. Consumer technology is very useful and is not going to go away."

Forrester highlighted Bluetooth, insecure home wireless networks and "evil twin" malicious public Wi-Fi hotspots as particular security risks to corporate IT security.

Nagel said: "Bluetooth is a security nightmare. Bluetooth traffic is rarely encrypted. One big problem is people just leave the security enabled by the phone, which is usually nothing. It is very easy to sniff Bluetooth traffic."

But Forrester said the use of consumer-based technology by employees also has many advantages and can lead to equipment cost savings, better back-up of corporate data, more flexible work conditions and improved collaboration.

Source:→ ZDNet

Consumer, Technology, Smart Phones, Emails, Blogs, Instant Messaging, Game Consoles, Corporate IT Security, Threat