Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

11/23/2011
12:23 PM
50%
50%

Five Ways To Secure The Consumer IT Invasion At Work

Companies have had to deal with increasing amounts of worker-owned device in the networks

Companies are increasingly seeing an influx of employee-owned mobile devices on their networks, a trend that will likely accelerate during the coming holiday season.

The influx of personal devices into the workplace -- more formally known as the consumerization of IT -- offers solid gains to companies in terms of productivity and allowing workers to be more flexible in how they do their jobs. The downside is that workers' devices can carry with them security threats and expose the business network to compromise.

Companies need to better deal with the security impact of employee-owned devices because the benefits are too great to dismiss, says Sanjay Beri, vice president of Juniper's security and Pulse businesses.

"This is something that every company is dealing with," Beri says. "Companies should embrace it. It is definitely the right thing to do to empower your employees."

The landscape has changed in the past year, as well. In 2010, the majority of new devices were Apple products -- iPhones and iPads -- but this year companies also need to be prepared for Android devices, a much more complex ecosystem than the stringently controlled Apple platform, says Ojas Rege, vice president of products for MobileIron.

"Companies have to get themselves educated on Android," he says.

Here's what you can do now to protect your network from the coming wave of employee-owned mobile devices:

1. Don't ban devices.
In the past, many companies have balked at providing access to their networks to consumer-owned devices. Yet the productivity gains from such technology are significant, according to a recent report commissioned by IT infrastructure firm Citrix.

The survey found that businesses are seeing productivity gains of up to 36 percent from employees who use both corporate and personal devices for work. Because of the increased productivity, a third of businesses are pushing their IT teams to allow more flexible workplace practices, including allowing consumer devices to connect to corporate resources.

"Most companies see how good these things can be for their business, so they are backing away from the knee-jerk reaction of locking out personal-owned devices," says Elizabeth Cholawsky, vice president of IT services for Citrix.

2. Find what's connecting to the network.
The first step for most firms needs to be identifying the scope of the threat by monitoring which devices are connecting to the network, says MobileIron's Rege. Device management software, historically used to manage corporation-owned devices, has a wide variety of features to set policies on devices and ensure that users are abiding by the policies.

"Companies need to have full visibility into what's connecting," he says. "When a device first comes in, they need to make sure that they can identify it and monitor it."

Most mobile device management software firms, such as MobileIron, require that devices connecting to the corporate network run their clients to help manage the security of the device.

3. Conscript network-analysis tools to identify threats.
Many companies already have technologies that can manage the threat of mobile devices and other consumer-owned technology that enter the network. Network-performance monitoring systems detect anomalous activity that could be a sign of a breach or an untrusted device attempting to expand its foothold in the network, says Steve Shalita, vice president of marketing at NetScout Systems, which makes service management products to optimize networks.

"Performance issues can often be security issues," Shalita says. "Looking for cyberthreats, which impact the network, are something that these systems already do."

Such systems can push anomaly information to security information management systems, which can help the information cross the common divide between IT management and IT security.

4. Push policy to devices.
One benefit of personal devices that run corporate device management clients is that the business can help set appropriate policies for sensitive data, Juniper's Beri says. Based on the identify of the user and the status of the phone, the company can take action.

"You can let them on the network based on who they are, as well as the status of their device -- such as whether the device is jailbroken or running a rogue app," he says.

Many companies take a "block all" policy, allowing only devices that can be identified or go through a vetting process. Others take an "allow all" policy, putting the devices on a virtual network separated from corporate resources unless they devices are authorized.

5. Establish privacy policies.
While improving the security of employee-owned IT, companies have to make sure they are also protecting their workers' privacy. Running mobile device management software on phones and tablets can reveal a lot of information about individuals if not limited by corporate policy.

"It is the right time for organizations to put their first draft of a privacy policy in place for these devices," Rege says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...