Androids and iPads: Network security's last stand?

You're damned if you allow consumer devices, and damned if you don't; either way, establish security policies now

More and more companies are allowing their employees to use any computing device they like and no longer mandating which computer and devices the company will support. This consumerization of corporate computers is embraced by end-users, who love the idea of bringing their iPads to work, but it should be disturbing for most IT security shops.

Bring-your-own-computer has been on the rise for many years, but new, feature-rich devices are pushing the envelope even faster. Certainly Apple's iMacs and iPads have a lot to do with it these days. In the past, most corporations would not consider supporting Apple computers (or only in limited pockets, like marketing) because Macs didn't support the majority of the corporation's applications and couldn't be easily secured and controlled. But over the last few years, the Macs have breached the gates. In fact, the CEO and IT technicians are the ones most likely to be running Apple computers in their environments, often directly against corporate policies, and even risking disciplinary action in doing so.

[ Enterprise-grade security and manageability aren't exclusive to BlackBerry. See "Mobile management: How iPhone, Android, Windows Phone 7, and the rest stack up." | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Apple's iPads are popping up all over the place these days. I'm seeing iPads in almost every corporate environment I visit, and I expect this is just the trickle before the flood. It seems that every software vendor pitching a new product shows how their application also runs on an iPad. Companies may mandate that their employees only use BlackBerry phones for corporate business, but it's hard to keep iPhones and Droids from appearing at work or to prevent corporate email from finding its way to these phones. The same goes for the iPad and other tablets. Portable consumer devices of every description are invading the corporate network.

The slippery slope of mobile device support

Many early adopters of the bring-your-own-device paradigm have simply changed their support policies to recommend certain devices and brands, but allow outliers to use nonstandard hardware as long as they understand it is not officially supported. Those policies have often morphed into official direct support, outsourcing support to third parties, or making a "best effort" at support but with no guarantees.

Over the coming months, there is likely to be a stronger and stronger push to support multiple platforms and brands in your environment. First, it's getting harder to tell users that their preferred device can't do the job. Never before have so many mobile platforms supported such a high level of functionality -- capable Web browsers, enterprise email and calendar integration, large numbers of compelling native apps, and (slowly but surely) even viable management tools.

Second, virtualization allows one platform or product to run on another. Many Mac owners are happy with running Windows virtualized, allowing them to get the best of both worlds, while conforming to the demands of the business. Of course, IT and security admins know that running two platforms, whether virtualized or not, incurs higher support costs and challenges. A virtualized system needs to be maintained just like a physical system, and it has to run every security program a real system does. On top of that, it introduces additional, guest-to-host and guest-to-guest security issues.

Third, cloud computing and Web 2.0 functionality make it increasingly likely that your future applications and services will run in a browser. Gradually, what used to run on only one platform will run on several.

1 2 Page
Join the discussion
Be the first to comment on this article. Our Commenting Policies