Cisco: Use of Unauthorized Devices a Growing IT Headache
A survey of IT professionals finds the growing use of iPhones and other personal mobile devices on corporate networks poses a security problem.
SAN BRUNO, Calif. -- Employees may covet and gain legitimate business value by using their personal smartphone at work, but the use of these devices on corporate networks is proving to be a hassle and, in some cases, a significant security issue for IT.
A Cisco-sponsored survey of 512 security professionals across five countries, including the U.S., also found that the unauthorized use of social networks raises similar issues.
The survey was conducted for Cisco (NASDAQ: CSCO) by InsightExpress and participants were screened to be sure they worked for companies with at least 100 employees. The results showed that the vast majority of what the study calls IT Security Decision Makers (ITSDMs) are engaged in some type of assessment to monitor employees' use of technology.
The most common assessment (at 63 percent) is being done to determine what security applications employees are running, while choice of operating system came in a close second at 58 percent. More than half (56 percent) of ITSDMs said they determined their employees use unsupported applications, with the U.S., China and Japan leading the way. Social network services, including Facebook (68 percent), were the most commonly used unauthorized applications.
Although Google (NASDAQ: GOOG) is marketing its Google Apps suite to enterprises, users don't always go through traditional IT channels or approval before using them. In Cisco's survey, about 60 percent of U.S. ITSDMs said they had "discovered" the unauthorized use of collaborative applications, such as Google Apps.
About 30 percent of ITSDMs (54 percent in Germany, the highest level) said unauthorized users pose the greatest risk to their organization.
When it comes to unauthorized network devices, such as smartphones, the risk has proven to be very real. About 40 percent of the ITSDMs surveyed said they'd experienced a breach or loss of information due to an unsupported network device. Germany was a major exception with 92 percent of the ITSDMs reporting they had not experienced a breach or loss due to an unsupported network device.
Gartner analyst Ken Dulaney said the growing use of unsupported devices is becoming a real headache for IT.
"About five times a week I hear from enterprise clients that are freaking out about the use of unauthorized mobile devices," Dulaney told InternetNews.com here at the Cisco event announcing the results of the research study. "Employees are getting really good at getting around whatever the company policy is."
Dulaney said Cisco and other vendors can help with mobile management and audit solutions that get this new generation of devices "on the table instead of under the table," so IT can see what's out there. "These smartphones and other devices that are being used, aren't behind the firewall and they're not encrypted so that's a real problem for IT," he added.
Cisco announced partnerships with mobile vendors including HTC, Samsung, Nokia and Palm, validating those vendor's devices as part of its "Borderless Networks" initiative to broaden the scope of its security solutions. Cisco said it hopes to expand Borderless Networks further with the help of developers in its Cisco Developer Network and additional partnership.
The initiative includes Cisco's recently introduced AnyConnect Secure Mobility which couples "always-on connectivity" with policy enforcement and reporting features.
Just say no?
Several speakers mentioned that many enterprises are reluctant to strictly forbid or enforce bans on unapproved social networks and mobile devices because they appeal to a younger generation of workers these firms want to attract and retain.
"You might ask, 'Why do I need to let these devices on the network? Should I just say no?'" said Fred Kost, director of security solutions marketing at Cisco. "It's a competitive market with companies hiring right out of universities. Over 70 percent of those surveyed said there is some impact from a policy of saying no."
From a strictly technical perspective, the majority of ITSDMs said their organization has a complete technical process in place to lock employees from all access if needed (74 percent) and restrictions on what employees bring onto the network (79 percent).
"There are two interesting problems: one is that the consumer is taking control of IT and the other is that the IT guy is resource-constrained," said Nokia Vice President Purnima Kochikar. "We're working with Cisco to solve this problem."
She added that traditional, behind-the-firewall security solutions aren't enough in increasingly mobile enterprises.
"Everything you thought was secure inside the firewall can be left behind in a taxi," warned Kochikar.