Employee gadgets pose security risk to companies
iPods, smart phones, digital cameras and other gadgets pose a real security risk to organizations. IT managers are looking for solutions.
Smart phones, handheld computers, thumb drives, digital cameras, iPods and other MP3 players can all connect to computers. That's fine when used at home, but when connected to a work PC, the devices can pose a serious risk, said Norm Laudermilch, chief security officer at Trust Digital, a McLean, Va., mobile security vendor.
Connecting the gadgets to work PCs could lead to a number of unwanted scenarios, Laudermilch said. For example, malicious code that crept onto the device at home could enter the corporate network unseen by the firewall or intrusion detection software, he said.
Also, a disgruntled employee could copy confidential information to the device and walk out with it. Classified information on a mobile device could be a business risk even when used by loyal workers, when their gadget is lost or stolen, for example.
Laudermilch spoke at the annual Computer Security Institute conference here. When he asked the room filled with security professionals if they thought mobile devices were an issue, the vast majority raised their hands.
The advent of mobile devices has changed the way security professionals should think about securing their networks, Laudermilch said. That's because networks change all the time, with different types of devices being added and removed, he said.
"Things change very quickly when devices are so small and just walk onto your network," Laudermilch said. "Your network perimeter is where your data is. I don't care if it is somebody walking in Paris, or somebody sitting at home. The security perimeter has drastically changed."
He also highlighted challenges in securing the portable gear. For one, they all run different operating systems. "We have all been training about the right things and wrong things to do with the Windows operating system," Laudermilch said. For smart phones alone there are at least four common systems: Palm, Windows, BlackBerry and Symbian.
Also complicating security is that new devices come out constantly, with different features. When it comes to phones, operators install their own software image on the hardware, Laudermilch said.
An upcoming class of software can help organizations manage devices on their network, or block the gadgets from connecting altogether. Many of the applications also encrypt data on devices, for security in case of loss or theft. Trust Digital sells such products, as do a host of other companies.
Gartner says mobile data security is a tiny market, but such products are needed to protect user privacy and fulfill audits, according to the analysts. Small incumbent vendors dominate the space, Gartner said in a July report.
"Mobile security today is a buzzword. Tomorrow, six months or a year from now, it is going to be just security. Everything is going mobile," Laudermilch said