Search
Advertisement

Business

Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Threat Intelligence / Strategies

Addicted to Devices

By Jodi Mardesich

In the early days of computers, technology was adopted first in businesses, and from there it made its way into homes. These days, the tables have turned. Personal technology, such as Bluetooth headsets, thumb drives, and iPods, first adopted by consumers and individuals, are appearing in the workplace. This rise in the use of personal technologies in the office is a cause for concern among organizations. While these technologies often provide benefits and can improve the workplace environment, CIOs need to understand that they also carry potential risks.

Consider the impact of Bluetooth devices, which enable wireless, short-range communication between many different devices -- from mobile phones to headsets to file transfers between PCs, laptops, and other devices. Almost 33 million Bluetooth devices shipped in 2005, according to market research firm In-Stat, which expects more than 55 million such devices to have shipped in 2006. Mobile phones and headsets are leading the way in Bluetooth adoption. Makers of Bluetooth-enabled devices say the communication protocol is secure, yet high profile hacking of Bluetooth devices has been documented, a situation sure to worry security-conscious CIOs. 

"IT organizations struggle with the often-competing issues of control and empowerment," says David Mitchell Smith, a Gartner analyst. However, he says IT managers should consider the potential benefits of consumer technologies, "whether the enterprise wants them to or not."

Gartner believes that consumer-oriented technology will pave the way for the most significant IT tools through 2030. CIOs should be at the forefront of developing sensible usage policies, combined with network monitoring and employee buy-in.

Benefits in connectivity, storage, and ease of use
Pure and simple, consumer devices offer benefits. In the case of Bluetooth, those benefits are in wireless, secure connectivity between devices. With iPods, employees may perceive it as part of a more enjoyable work environment. Thumb drives provide an organization with easy and cheap storage, as well as a simple, compact way to carry important files. As the lines blur between home and office, consumers who use these tools at home are part of a new generation of workers that expect to use the same tools at work. IT departments should familiarize themselves with the new technologies so that when they do appear in the workplace, they can manage them and adapt them for use in the enterprise.

Case in point: the consumer-geared iPod nano, with its use of flash memory, is more sophisticated than most of the devices being brought into the business workplace, Smith says. And the cell chip in the Sony PlayStation Portable is far more sophisticated than the chip in many PDAs used in the workplace. Tiny thumb drives can be used as a method of backup. In some cases, they can be a cheap alternative to laptops.

Threats posed in unauthorized data transfer
Yet the same technology that can be seen as a boon by employees can become a headache for IT management. iPods make workers happy playing music, but the same device can be used to transfer data. These devices can store up to 60 gigabytes of data, and can walk away in minutes, says Forrester analyst Paul Jackson.  "It's a lot more difficult to spot someone carrying a USB stick than a stack of floppy disks," he says. "Any data introduced from these storage devices on to the corporate network may bypass firewalls, antivirus software, and other countermeasures -- potentially causing significant damage."

Thumb drives, the small devices the size of a thumb that plug into USB drives, can also hold gigabytes of data. They can enter the workplace unnoticed, and leave just as secretly. They are also easily lost or stolen. According to Vontu, a data security company, more than half of 484 technology workers polled said that thumb drives house confidential, unprotected information, and 20% of the respondents said that at least one of the tiny devices is lost at work each month.

In the case of wireless devices, while data is transferred less quickly than via a thumb drive, Blackberrys, Treos, and other devices used in the work environment can become security threats when they connect to unprotected networks, such as in a caf‚ while the worker is at lunch.

Here are some steps that CIOs can take to protect the organization:

  • Set policies for what can be used and how Thumb drives can be kept in check by protecting USB ports from using them. Software can be used to create policies for which devices can and cannot work with PCs, so that a thumb drive won't work but a printer or other approved device can. CIOs might want to provide approved thumb drives for use, such as a biometric device from SanDisk that uses fingerprints as a form of security -- the manufacturer guarantees that only the owner of the device can access data stored on it. "Tell employees what devices are acceptable, how they can use them, and why you're implementing the policy," Jackson says.
  • Educate employees People will comply if they understand the threats and IT's reasons for limiting the use of devices. Be sure to enforce policies. Gartner's Smith suggests changing the enterprise's approach to security. "Rather than trying to make a secure perimeter and keep all this consumer technology out, you should assume a hostile networking environment and drive security deeply and broadly into everything you do," Smith says.
  • Monitor access to corporate data Traditional security measures and technologies such as firewalls, intrusion detection and security information management systems can be used to detect and prevent internal breaches, Jackson says. "Use authentication, VPN, and network quarantine technologies to build policy enforcement into the network itself to be sure that only trusted people and devices can access it."
  • Learn from people with more experience Include young people who aren't yet working. "Create internal advisory groups that include leading-edge and mainstream users, as well as new entrants into the workforce," Smith says.

Employees will continue to buy and use consumer technologies in the workplace. "Attempts by enterprises to keep it out of the enterprise are inevitably doomed to failure, just as previous attempts to deny Wi-Fi, 'smart' mobile phones, the Internet, and even the PC itself failed," Smith says. CIOs would be wise to keep an eye on developments in home markets, using what works to enhance the work environment, while setting policies and educating users about the potential risks and threats.

Jodi Mardesich writes about business and technology. Her writing has appeared in The New York Times, Fortune, San Jose Mercury News, Salon, and Slate.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Spam and Viruses
Preparedness
Strategies
Related Content

Features

View More


Metrics

View More

Fast Fact

"IT organizations struggle with the often-competing issues of control and empowerment."

-- David Mitchell Smith, a Gartner analyst
Sponsor Tools

Resources

White Papers

View More


Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


Preparing for a Disaster
Playtime: 8 min 07 sec



Download | Subscribe

Copyright © 2009 Studio One Networks. All rights reserved.

© MMIX, CBS Broadcasting Inc. All Rights Reserved.