Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • Mobile
    • PC Hardware
    • Storage

    Security: The Consumer Device Conundrum

    By
    Matt Hines
    -
    May 16, 2006
    Share
    Facebook
    Twitter
    Linkedin

      With the introduction of Palms newest Treo, Nokias partnership with Google for instant messaging on the handheld and BlackBerrys move into China, its clear that powerful devices abound, offering sophisticated capabilities both inside and outside the office.

      Enterprises must balance the promise of such products with the security implications they bring.

      When intellectual property expert and attorney Mark Halligan wants to show business leaders how easy it is for their employees to secretly walk out the door with important data, he simply shows them his watch and asks them to tell him what time it is.

      While the uninformed may simply gaze at the timepieces face and mutter some reading of its hours and minutes, those with a truly sharp eye catch on fast, because the seemingly innocuous wristwatch bears a USB connector that allows the device to download and store roughly 1GB of electronic information.

      The experts Dick Tracy-like gizmo might still be rare at this point, but the demonstration serves as a sobering reminder for even those firms already keeping a watchful eye on their employees behavior.

      Smart phones, digital music players and USB drives might help your workers feel happy and even be more productive, said the trade secret protection expert, but at the end of the day such consumer devices may pose a greater security risk than he feels most companies should be willing to stomach.

      “It costs more in the short run for companies to issue their own equipment, but in the long run its probably the best approach,” said Halligan, a principal in the Chicago-based law firm Welsh & Katz.

      /zimages/4/28571.gifClick here to read more about companies efforts to keep their networks secure during World Cup season.

      “With outside consumer devices, you need to build strict policies that police and limit the use of each individual technology, each device, or else someone will bring them into your operation and simply walk away with your data.”

      Industry watchers agree that enterprises are navigating largely uncharted seas as they attempt to strike a balance between allowing their workers to use new mobile hardware, while safeguarding their own interests.

      Solutions to the issue range from the crude—squirting hot glue into PCs USB ports to keep keychain fobs and iPods off the network—to the advanced—blending IT systems with physical security tools to actively monitor peoples behavior.

      One of the biggest issues in dealing with the explosion of consumer devices coming into the enterprise is companies growing dependence on employees experiences outside of the workplace in familiarizing themselves with emerging technologies.

      For instance, experts have long maintained that the adoption of smart phones, powerful handhelds with PC-like features and sizeable onboard memory, will be driven by peoples use of the devices outside work.

      Telling workers to leave their smart phones at home is counterproductive, said Steve Baker, analyst with NPD Group, Port Washington, N.Y. Banning them will extend the timeframe for moving this next generation of mobile devices into the corporate environment, he said.

      /zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      If IT administrators had banned Palms original PDAs out of security fears in the mid-1990s, we may not have the companys latest Treo smart phones today, he said.

      “These types of technologies tend to move through the consumer market into the hands of business users who demand the ability to use them in their business life because the devices are very helpful,” Baker said.

      “Theres no way for enterprises to stop these kind of things; users are bringing them in because they see a business rationale. Enterprises must find ways to allow people to use consumer devices securely, as banning them will only lead to people staging rebellions from within.”

      Next Page: Promising tools.

      Promising Tools

      As a result of the increasing seriousness of the problem, technology vendors are cooking up a wide range of tools aimed at helping companies at least control the manner in which consumer devices can be used within their walls or on their networks.

      Among the companies attempting to address the issue directly is Microsoft, which is promising tools that give IT administrators expanded capabilities for managing the use of device-control in its next-generation Vista operating system.

      Enhancements to the softwares Group Policy settings, which allow administrators to enforce configuration settings for individuals, groups and specific machines, claim the power to block access to removable devices such as CD-ROMs, DVD drives and USB tokens.

      “We talked to many enterprise customers, and they told us that they wanted an easier way to manage and protect corporate information assets,” said David Zipkin, a product manager at the Redmond, Wash.-based software giant.

      “One of the more common scenarios where intellectual property assets were compromised was by employees plugging in external storage devices into the corporate network and copying files.”

      Another potential answer to the security problems posed by consumer technologies is the use of applications such as Centennial Softwares DeviceWall, which creates a virtual “white list” of approved devices assigned to specified groups and individual users, which can be configured to automatically block any device not explicitly permitted by a firms policies.

      While Microsofts efforts in Vista address device-controls, Centennial officials said, DeviceWall goes one step further by directly protecting a companys databases at the same time.

      By tying someones device usage privileges directly to their user names and passwords, company officials say, there is little room left for people to secretly bypass programs meant to direct group policies, a feat they say isnt hard for experienced users to pull off.

      One company using DeviceWall is Motor Information Systems, a specialty automotive publishing company owned by Hearst Publishing, and based in Troy, Mich.

      Network Administrator Jeff Schmitt said his company has been using the application for six months to protect its wealth of editorial content, the lifeblood of Motors business.

      “We have some people who need to use USB ports to print information or download photos, but at the same time you appreciate the risk of having someone plug in their iPod and walk off with a gigabyte of data,” said Schmitt.

      /zimages/4/28571.gifTo read more about Everdreams service that aims to secure lost or stolen devices, click here.

      “This way we can allow people to have unique privileges based on their jobs, and even keep an eye on who is trying to attach something else to the network and warn them if theres a potential problem.”

      In fact, before announcing that the company had launched the new software, Motors IT department was able to turn on DeviceWall and find out which employees were already breaking policies and warn them about future transgressions, he said, which has eliminated most risky behavior altogether.

      Next Page: Blended tools.

      Blended Tools

      At the cutting edge of the device-monitoring field are some technologies that look to blend traditional facilities security tools like building cameras with IT operations.

      Since blocking a USB port does nothing to stop users from taking pictures of important documents with a camera phone, or even just making copies of sensitive paperwork to carry out, companies must consider becoming more like the Big Brother government of George Orwells classic “1984,” some experts said.

      One company marketing such tools is 3VR Security, which in April introduced the fourth iteration of its IVMS (Intelligent Video Management Systems), which promises to convert raw video from security cameras into a searchable database.

      The system promises to detect misuse and warn administrators if it appears that someone is stealing data, or attempting to log into computers or a data center where they do not have access privileges.

      “From both an IT and traditional security standpoint, theres a massive market for surveillance and video technologies and information management is the biggest problem customers have,” said Steven Russell, co-founder of 3VR.

      “In addition to giving companies the ability to say for sure who exactly was sitting at a certain computer when it accessed or downloaded some proprietary data, there is the ancillary benefit of having people know that they are being watched; it may sound obtrusive, but companies in the health care and financial services industries in particular have to consider that they can be held liable if they dont know where this information went.”

      Security experts recommend that the simplest way to limit the security implications of consumer devices in the enterprise is to establish clear user policies governing the use of such technologies, to the point where there is little question as to the exact details.

      Steve Hunt, analyst for 4A International, Chicago, a research firm studying the convergence of IT and traditional corporate security measures, believes that companies will ultimately be forced to convince workers that they are being constantly monitored in order to discourage people from believing they can get away with stealing information.

      “Companies need to create the same sort of atmosphere as the health clubs, where if you pull out a camera phone in the locker room, not only does management have a problem, but so will the person sitting next to you,” said Hunt.

      “It may seem sort of Draconian at first, but with all the devices that are finding their way into the office, it may someday be the only choice companies have.”

      Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Matt Hines
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×