IT paranoia No. 4: Gadget fever will infect your network
Remember that well-defined perimeter you established around your network to keep good data in and the bad guys out? It's melted like cotton candy in the mouth of a five-year-old. You can thank the Apple iPhone and its mobile cousins for breaching the great corporate barrier against personal smartphone use in the workplace environment.
"Mobile devices are coming at us faster than any technology since the rock," says Winn Schwartau, chairman of the board for Mobile Application Development Partners and founder of InfoWarCon. "It's scaring the bejesus out of IT organizations that do not know how many rogue devices they have connected to their network or how badly they are out of compliance. They're scared out of their minds about this."
What can go wrong? Devices containing sensitive data can be lost, stolen, or compromised by malware. As with infected PCs or laptops, the entire network can be at risk.
"The app store is the best hostile code delivery system ever invented," says Schwartau.
Your options aren't pretty. Banning consumer devices in the workplace? Good luck with that, says Scott Archibald, a managing director for Bender Consulting.
"Like it or not, mobile is a reality -- in both our personal and professional lives," says Archibald. "Many companies are still trying to implement policies and regulations that keep personal devices off the enterprise network. That's a dead end. Gen Y doesn't make a distinction between using a smartphone for personal reasons or professional reasons. The sooner policies are created and frameworks are implemented to positively integrate mobile technologies into the enterprise, the better."
Issue secure devices to every employee? It's a costly option that probably still won't keep them from using their own devices if they can. Or you can expand the security of your enterprise by adding BlackBerry BES-like controls around these consumer devices that allow them to safely handle sensitive data via tools like encryption, secure tunnels for connecting to the Internet and the enterprise, content filtering, managed firewalls, and remote-wipe capability, says Schwartau.
"Absolutely no data should ever sit unprotected on a mobile device," says Dan Zeck, CTO for Antenna Software, a mobile enterprise solutions vendor. "A minimum of two-factor authentication with a timeout to reset the log-in should be required for any mobile-based application. This would help mitigate the issue of stealing data sitting on any device."
Even then you run the risk of data pollution, where employees inadvertently share sensitive corporate information over a public network.
"The introduction of multifunctional advanced devices is yet another example of why the perimeter extends no further than each individual device," notes Steve Santorelli, director of global outreach for Team Cymru (pronounced "kum-ree"), a nonprofit Net security research team. "What keeps me up at night is all the stuff that goes on unnoticed day in and day out right under our noses." The insider is you, and you may not even know it.