Security: The Consumer Device Conundrum

News Analysis: With workers carrying a growing array of consumer devices capable of storing large amounts of data, enterprises are being forced to rethink their IT policies to protect themselves from vulnerabilities.

With the introduction of Palms newest Treo, Nokias partnership with Google for instant messaging on the handheld and BlackBerrys move into China, its clear that powerful devices abound, offering sophisticated capabilities both inside and outside the office.

Enterprises must balance the promise of such products with the security implications they bring.

When intellectual property expert and attorney Mark Halligan wants to show business leaders how easy it is for their employees to secretly walk out the door with important data, he simply shows them his watch and asks them to tell him what time it is.

While the uninformed may simply gaze at the timepieces face and mutter some reading of its hours and minutes, those with a truly sharp eye catch on fast, because the seemingly innocuous wristwatch bears a USB connector that allows the device to download and store roughly 1GB of electronic information.

The experts Dick Tracy-like gizmo might still be rare at this point, but the demonstration serves as a sobering reminder for even those firms already keeping a watchful eye on their employees behavior.

Smart phones, digital music players and USB drives might help your workers feel happy and even be more productive, said the trade secret protection expert, but at the end of the day such consumer devices may pose a greater security risk than he feels most companies should be willing to stomach.

"It costs more in the short run for companies to issue their own equipment, but in the long run its probably the best approach," said Halligan, a principal in the Chicago-based law firm Welsh & Katz.

/zimages/4/28571.gifClick here to read more about companies efforts to keep their networks secure during World Cup season.

"With outside consumer devices, you need to build strict policies that police and limit the use of each individual technology, each device, or else someone will bring them into your operation and simply walk away with your data."

Industry watchers agree that enterprises are navigating largely uncharted seas as they attempt to strike a balance between allowing their workers to use new mobile hardware, while safeguarding their own interests.

Solutions to the issue range from the crude—squirting hot glue into PCs USB ports to keep keychain fobs and iPods off the network—to the advanced—blending IT systems with physical security tools to actively monitor peoples behavior.

One of the biggest issues in dealing with the explosion of consumer devices coming into the enterprise is companies growing dependence on employees experiences outside of the workplace in familiarizing themselves with emerging technologies.

For instance, experts have long maintained that the adoption of smart phones, powerful handhelds with PC-like features and sizeable onboard memory, will be driven by peoples use of the devices outside work.

Telling workers to leave their smart phones at home is counterproductive, said Steve Baker, analyst with NPD Group, Port Washington, N.Y. Banning them will extend the timeframe for moving this next generation of mobile devices into the corporate environment, he said.

/zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

If IT administrators had banned Palms original PDAs out of security fears in the mid-1990s, we may not have the companys latest Treo smart phones today, he said.

"These types of technologies tend to move through the consumer market into the hands of business users who demand the ability to use them in their business life because the devices are very helpful," Baker said.

"Theres no way for enterprises to stop these kind of things; users are bringing them in because they see a business rationale. Enterprises must find ways to allow people to use consumer devices securely, as banning them will only lead to people staging rebellions from within."

Next Page: Promising tools.