Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

11/23/2011
12:23 PM
50%
50%

Five Ways To Secure The Consumer IT Invasion At Work

Companies have had to deal with increasing amounts of worker-owned device in the networks

Companies are increasingly seeing an influx of employee-owned mobile devices on their networks, a trend that will likely accelerate during the coming holiday season.

The influx of personal devices into the workplace -- more formally known as the consumerization of IT -- offers solid gains to companies in terms of productivity and allowing workers to be more flexible in how they do their jobs. The downside is that workers' devices can carry with them security threats and expose the business network to compromise.

Companies need to better deal with the security impact of employee-owned devices because the benefits are too great to dismiss, says Sanjay Beri, vice president of Juniper's security and Pulse businesses.

"This is something that every company is dealing with," Beri says. "Companies should embrace it. It is definitely the right thing to do to empower your employees."

The landscape has changed in the past year, as well. In 2010, the majority of new devices were Apple products -- iPhones and iPads -- but this year companies also need to be prepared for Android devices, a much more complex ecosystem than the stringently controlled Apple platform, says Ojas Rege, vice president of products for MobileIron.

"Companies have to get themselves educated on Android," he says.

Here's what you can do now to protect your network from the coming wave of employee-owned mobile devices:

1. Don't ban devices.
In the past, many companies have balked at providing access to their networks to consumer-owned devices. Yet the productivity gains from such technology are significant, according to a recent report commissioned by IT infrastructure firm Citrix.

The survey found that businesses are seeing productivity gains of up to 36 percent from employees who use both corporate and personal devices for work. Because of the increased productivity, a third of businesses are pushing their IT teams to allow more flexible workplace practices, including allowing consumer devices to connect to corporate resources.

"Most companies see how good these things can be for their business, so they are backing away from the knee-jerk reaction of locking out personal-owned devices," says Elizabeth Cholawsky, vice president of IT services for Citrix.

2. Find what's connecting to the network.
The first step for most firms needs to be identifying the scope of the threat by monitoring which devices are connecting to the network, says MobileIron's Rege. Device management software, historically used to manage corporation-owned devices, has a wide variety of features to set policies on devices and ensure that users are abiding by the policies.

"Companies need to have full visibility into what's connecting," he says. "When a device first comes in, they need to make sure that they can identify it and monitor it."

Most mobile device management software firms, such as MobileIron, require that devices connecting to the corporate network run their clients to help manage the security of the device.

3. Conscript network-analysis tools to identify threats.
Many companies already have technologies that can manage the threat of mobile devices and other consumer-owned technology that enter the network. Network-performance monitoring systems detect anomalous activity that could be a sign of a breach or an untrusted device attempting to expand its foothold in the network, says Steve Shalita, vice president of marketing at NetScout Systems, which makes service management products to optimize networks.

"Performance issues can often be security issues," Shalita says. "Looking for cyberthreats, which impact the network, are something that these systems already do."

Such systems can push anomaly information to security information management systems, which can help the information cross the common divide between IT management and IT security.

4. Push policy to devices.
One benefit of personal devices that run corporate device management clients is that the business can help set appropriate policies for sensitive data, Juniper's Beri says. Based on the identify of the user and the status of the phone, the company can take action.

"You can let them on the network based on who they are, as well as the status of their device -- such as whether the device is jailbroken or running a rogue app," he says.

Many companies take a "block all" policy, allowing only devices that can be identified or go through a vetting process. Others take an "allow all" policy, putting the devices on a virtual network separated from corporate resources unless they devices are authorized.

5. Establish privacy policies.
While improving the security of employee-owned IT, companies have to make sure they are also protecting their workers' privacy. Running mobile device management software on phones and tablets can reveal a lot of information about individuals if not limited by corporate policy.

"It is the right time for organizations to put their first draft of a privacy policy in place for these devices," Rege says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.