Security: The Consumer Device ConundrumBy Matt Hines | Posted 2006-05-16 Email Print
News Analysis: With workers carrying a growing array of consumer devices capable of storing large amounts of data, enterprises are being forced to rethink their IT policies to protect themselves from vulnerabilities.
With the introduction of Palm's newest Treo, Nokia's partnership with Google for instant messaging on the handheld and BlackBerry's move into China, it's clear that powerful devices abound, offering sophisticated capabilities both inside and outside the office.
Enterprises must balance the promise of such products with the security implications they bring.
When intellectual property expert and attorney Mark Halligan wants to show business leaders how easy it is for their employees to secretly walk out the door with important data, he simply shows them his watch and asks them to tell him what time it is.
While the uninformed may simply gaze at the timepiece's face and mutter some reading of its hours and minutes, those with a truly sharp eye catch on fast, because the seemingly innocuous wristwatch bears a USB connector that allows the device to download and store roughly 1GB of electronic information.
The expert's Dick Tracy-like gizmo might still be rare at this point, but the demonstration serves as a sobering reminder for even those firms already keeping a watchful eye on their employees' behavior.
Smart phones, digital music players and USB drives might help your workers feel happy and even be more productive, said the trade secret protection expert, but at the end of the day such consumer devices may pose a greater security risk than he feels most companies should be willing to stomach.
"It costs more in the short run for companies to issue their own equipment, but in the long run it's probably the best approach," said Halligan, a principal in the Chicago-based law firm Welsh & Katz.
"With outside consumer devices, you need to build strict policies that police and limit the use of each individual technology, each device, or else someone will bring them into your operation and simply walk away with your data."
Industry watchers agree that enterprises are navigating largely uncharted seas as they attempt to strike a balance between allowing their workers to use new mobile hardware, while safeguarding their own interests.
Solutions to the issue range from the crudesquirting hot glue into PCs' USB ports to keep keychain fobs and iPods off the networkto the advancedblending IT systems with physical security tools to actively monitor people's behavior.
One of the biggest issues in dealing with the explosion of consumer devices coming into the enterprise is companies' growing dependence on employees' experiences outside of the workplace in familiarizing themselves with emerging technologies.
For instance, experts have long maintained that the adoption of smart phones, powerful handhelds with PC-like features and sizeable onboard memory, will be driven by people's use of the devices outside work.
Telling workers to leave their smart phones at home is counterproductive, said Steve Baker, analyst with NPD Group, Port Washington, N.Y. Banning them will extend the timeframe for moving this next generation of mobile devices into the corporate environment, he said.
If IT administrators had banned Palm's original PDAs out of security fears in the mid-1990s, we may not have the company's latest Treo smart phones today, he said.
"These types of technologies tend to move through the consumer market into the hands of business users who demand the ability to use them in their business life because the devices are very helpful," Baker said.
"There's no way for enterprises to stop these kind of things; users are bringing them in because they see a business rationale. Enterprises must find ways to allow people to use consumer devices securely, as banning them will only lead to people staging rebellions from within."
Read the full story on eWEEK.com: Security: The Consumer Device Conundrum