Enterprises Riding A Tiger With Consumer Devices | threatpost.
George Hulme highlights two technology trends which are increasing enterprise security risks – employee-owned smartphones and Web 2.0 applications including social networking.
Today, more than ever, employees are bucking efforts to be forced to work on stale and stodgy corporate notebooks, desktops or clunky, outdated mobile phones. They want to use the same trendy smart phones, tablets, or netbooks that they have at home for both play and work. And that, say security experts, poses a problem.
“If you prohibit access to the services people want to use for their jobs, they end up ignoring you and doing it from their own phone or netbook with their own data connection,” says Josh Corman, research director, security at the analyst firm 451 Group. “Workers are always going to find a way to share data and information more efficiently, and people will always embrace ways to do their job as effectively as possible.”
To control and mitigate the risks of using Web 2.0 applications and social networking, we’ve been recommending to and deploying for our clients Palo Alto Networks’ Next Generation Firewalls.
Palo Alto posted a well written response to Hulme’s article, Which is Riskier: Consumer Devices or the Applications in Use? Clearly, Palo Alto’s focus is on (1) controlling application usage, (2) providing intrusion detection/prevention for allowed applications, and (3) blocking the methods people have been using (remote access tools, external proxies, circumventors) to get around traditional network security solutions.
We have been big supporters of the thinking that the focus of information security must shift from protecting devices to protecting information. That is the core of the next generation defense-in-depth architecture we’ve assembled.
Corman agrees that the focus needs to shift from protecting devices to protecting data. “Security managers need to focus on the things they can control. And if they can control the computation platforms, and the entry and exit points of the network, they can control the access to sensitive data, regardless of who is trying to access it,” he says. Corman advises enterprises to deploy, or increase their focus on, technologies that help to control data access: file and folder encryption, enterprise digital rights management, role-based access control, and network segmentation.
Having said that, we are currently investigating a variety of new solutions directly aimed at bringing smartphones under enterprise control, at least for the enterprise applications and data portion of smartphone usage.