WASHINGTON--The many gadgets carried around by workers today pose a real security risk to organizations and require action, session attendees at a security conference agreed Tuesday.
Smart phones, handheld computers, thumb drives, digital cameras, iPods and other MP3 players can all connect to computers. That's fine when used at home, but when connected to a work PC, the devices can pose a serious risk, said Norm Laudermilch, chief security officer at Trust Digital, a McLean, Va., mobile security vendor.
Connecting the gadgets to work PCs could lead to a number of unwanted scenarios, Laudermilch said. For example, malicious code that crept onto the device at home could enter the corporate network unseen by the firewall or intrusion detection software, he said.
Also, a disgruntled employee could copy confidential information to the device and walk out with it. Classified information on a mobile device could be a business risk even when used by loyal workers, when their gadget is lost or stolen, for example.
Laudermilch spoke at the annual Computer Security Institute conference here. When he asked the room filled with security professionals if they thought mobile devices were an issue, the vast majority raised their hands.
The advent of mobile devices has changed the way security professionals should think about securing their networks, Laudermilch said. That's because networks change all the time, with different types of devices being added and removed, he said.
"Things change very quickly when devices are so small and just walk onto your network," Laudermilch said. "Your network perimeter is where your data is. I don't care if it is somebody walking in Paris, or somebody sitting at home. The security perimeter has drastically changed."
He also highlighted challenges in securing the portable gear. For one, they all run different operating systems. "We have all been training about the right things and wrong things to do with the Windows operating system," Laudermilch said. For smart phones alone there are at least four common systems: Palm, Windows, BlackBerry and Symbian.
Also complicating security is that new devices come out constantly, with different features. When it comes to phones, operators install their own software image on the hardware, Laudermilch said.
An upcoming class of software can help organizations manage devices on their network, or block the gadgets from connecting altogether. Many of the applications also encrypt data on devices, for security in case of loss or theft. Trust Digital sells such products, as do a host of other companies.
Gartner says mobile data security is a tiny market, but such products are needed to protect user privacy and fulfill audits, according to the analysts. Small incumbent vendors dominate the space, Gartner said in a July report.
"Mobile security today is a buzzword. Tomorrow, six months or a year from now, it is going to be just security. Everything is going mobile," Laudermilch said
So their security mantra is to "run one OS", which I gather is supposed to be Windows, then all will be well with the world? How are iPods and PDA's any different from CD-R's, floppies, zip drives, etc.?
Most email webmail accounts allows a few gigs of storage too...
The fact is, unless the user is disconnected from nearly every peripheral and the internet (and they didn't bring anything to write with)there is a risk. But in the scheme of things this is a persistent low ranking one.
Back in the days of the first pentium, it was easy to stop people from copying stuff onto a disk, simply remove the disk drive. Now, it's just too easy to copy files to a usb drive or some other device or even just send it to yourself using the internet.
To really be 100% safe, data has to be paired with software so with out the proper software, the data can't be read and the proper software won't run on any machine, but only a work machine. That way people can have their toys and IT doesn't have to worry about people stealing data or software for that matter.
What's easier? Copying 4 Gigs of sensitive corporate material onto an iPod, or printing it all out onto paper?
And what would do more damage to a company? Printing out some expense reports or internal financial information, or performing a backup of a SQL DB onto an iPod and taking a companies complete sales history and customer list?
Great, ban all the media and gadgets you want - they are not the issue. If I want to take information out the front door of a company I can do it without using technology. Paper makes a nice medium. Most companies have guards that "inspect" stuff going out the door which means they glance at things from 5 feet away. Unless you follow a nothing in/nothing out policy you are going to have potential leakage.
Further, many companies, including the one I work for, have employees that use company laptops, mobile phones, etc. That represents a huge opportunity for leakage as well.
Train your people on what the issues are, give them reasonable policies that allow them to bring music players, etc into work, and by and large people will make the right choices.
Human behaviour is the risk, not the gadget. Following the same line of reasoning you could ban cars, airplanes, McDonalds, chewing gum and stairs. Come on C|Net, we can expect SOME intelligence with your reporters?
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
Answer: they all run alternatives to Windows.
To really be 100% safe, data has to be paired with software so with out the proper software, the data can't be read and the proper software won't run on any machine, but only a work machine. That way people can have their toys and IT doesn't have to worry about people stealing data or software for that matter.
Nothing new here ... just a little easier now.
This is one of THE stupidest stories this week.
What the ---ck are you talking about. Lets ban, all media ... PAPER POSES A SECURITY RISK ...
This story is just dumb, dumb and dumber. C/NET hire some REAL reporters.
And what would do more damage to a company? Printing out some expense reports or internal financial information, or performing a backup of a SQL DB onto an iPod and taking a companies complete sales history and customer list?
issue. If I want to take information out the front door of a
company I can do it without using technology. Paper makes a
nice medium. Most companies have guards that "inspect" stuff
going out the door which means they glance at things from 5
feet away. Unless you follow a nothing in/nothing out policy you
are going to have potential leakage.
Further, many companies, including the one I work for, have
employees that use company laptops, mobile phones, etc. That
represents a huge opportunity for leakage as well.
Train your people on what the issues are, give them reasonable
policies that allow them to bring music players, etc into work,
and by and large people will make the right choices.
I think they call it trust.