Is that a USB in your pocket?

Through 2007, IT needs to prepare itself for an onslaught of unmanaged IP-enabled devices as millions of users plug new computers, USB drives, music/video players, handheld mobile devices, and even the stray game console into enterprise networks. In addition to these shiny new objects, many users will install applications like iTunes, VoIP, multi-player games, and all manner of non-compliant software on their enterprise-owned computers, all of which introduce security risks, complicate the work of support groups, and create instability for compliance initiatives.

Consumer products are becoming more sophisticated and in many cases support Internet connectivity, data synchronization with computers, and significant data storage capabilities. Allowed or not, consumer products are creating an increasingly hostile device population, and they should be treated as such. The ability to secure and manage any asset connecting to the enterprise network, or to block access altogether, is critical to limiting the security risk of these products and to increasing organizations' ability to manage their networks against them.

The evolving threat environment has also shifted the attackers' focus from systems to data. As data has become more digitized and transient, and as more unmanaged assets take advantage of corporate network services, IT has become ineffective in protecting corporate data. A new wave of consumer devices and non-compliant applications creates an environment where protecting data from theft or breach, either of which undermines consumer and investor confidence, becomes critical to the business.

Bottom Line: Consumer products are invading corporate networks and IT must implement processes and technologies to define and enforce usage policies, support security configuration baselines, enforce application control and treat non-managed assets as hostile until proven otherwise.

One thought on “Is that a USB in your pocket?”

  1. User-centric data access controls (not network access controls), which we provide in our MLS/TOS product, mean that all data access is governed by a “white list”.

    If you are not on the list you get nothing, period!

    If you are a privileged user, then you may access data and use any device that is also approved, providing the data is not deemed sensitive, secret, classified or whatever. That is, unclassified data can be copied to any device where allowable, but sensitive data will simply not be allowed to be copied no matter what device the authorized user tries.

    In a deny-by-default environment, access attempts by unrecognized devices and unauthorized users simply fall off the system as non-events.

    This is the direction that security must go to deal with this issue.
