Protecting the Enterprise from Users' New, Cool Tools
As employees head back to the office, many of them will be coming in with new, cool gadgets in hand -- straight from Santa's sack. Could these new smart phones, PDAs and MP3 players be a security risk? Yes, they can, and here's what to do about it.
That is, all those users are bringing all the cool new electronic gadgets they received as holiday gifts.
The cool gadgets this year span a broad spectrum: PDAs, USB memory sticks, personal MP3/media players, smart mobile phones (many with cameras built in), wireless adapters, Bluetooth devices and digital cameras. The two common themes in the above list are memory capacity and data connectivity, and those two ingredients can add up to significant security risks for your business.
Now, I'm as much a ''gadget guy'' as anyone I know, and truth be told, there is great business benefit to be gained from most of these devices. PDAs can be enormously useful at organizing a busy business, along with schedules and priorities, both professional and personal. USB memory sticks have all but done away with floppy and Zip disks. Even those personal MP3 players can make long business flights a little less intolerable -- trust me!
You can be sure that corporate users are going to try to integrate these cool devices into their work lives. Your job is to enable that to happen -- to the extent that you feel is reasonable, -- while safeguarding your company's business concerns. So, just what are the threats from these devices? Let's take a quick look and separate the reality from the FUD (Fear, Uncertainty, and Doubt) that litters the popular press.
All of these risks are quite real.
The likelihood of them affecting your company depends on a whole bunch of things. Without a doubt, the decision of whether or not to accept these devices in the workplace must be made by each company after carefully considering the potential benefits of allowing these gadgets against the potential risks they would carry.
There are a few things that you can consider doing, however, that should reduce -- although not eliminate -- the risks. Here's my list:
It should be obvious that this list is just a quick ''fly by'' of some of the possible remediations that you can consider. And, of course, there's no substitute for other good computing hygiene practices, such as anti-virus software and personal firewall devices.
The main point I'm trying to make is that the gadgets are inevitable. Ignoring them won't make them go away.
Similarly, there aren't any perfect solutions that remove all of the threats that go along with them. But your users are going to want to use them, for good and valuable business reasons in many cases. You can prohibit them if that's what your computing environment requires, or you can find ways to reduce the risk and embrace them.
As for me, you'd have to pry my PDA and USB drive from my cold, dead hands.