Personal Device Use, a Security Nightmare

Friday, July 2, 2010 @ 02:07 PM gHale

Employees, and through them their employers, gain real business value by using their personal smartphone at work, but using these devices on corporate networks is becoming a significant security issue, according to a new survey.
In addition, the unauthorized use of social networks raises similar issues, according to a survey of 512 security professionals across five countries, including the U.S., sponsored by Cisco.
The survey respondents were IT Security Decision Makers that work toward an assessment in some way on how to monitor employees’ use of technology. [private]
The most common assessment, coming in at 63%, is to determine what security applications employees are running, while choice of operating system came in a close second at 58%. More than half, 56%, of the decision makers said they determined their employees use unsupported applications, with the U.S., China and Japan leading the way. Social network services, including Facebook at 68%, were the most commonly used unauthorized applications.
Although Google is marketing its Google Apps suite to enterprises, users don’t always go through traditional IT channels or approval before using their own equipment. In Cisco’s survey, about 60% of survey respondents in the U.S. said they had “discovered” the unauthorized use of collaborative applications, such as Google Apps.
About 30% of survey respondents, with 54% in Germany, the highest level, said unauthorized users pose the greatest risk to their organization.
When it comes to unauthorized network devices such as smartphones, the risk is very real.
About 40% of respondents said they’d experienced a breach or loss of information due to an unsupported network device. Germany was a major exception with 92% saying they had not experienced a breach or loss due to an unsupported network device.
Cisco partnered with mobile vendors including HTC, Samsung, Nokia and Palm, in an effort to validate those vendor’s devices as part of its “Borderless Networks” initiative to broaden the scope of its security solutions. Cisco said it hopes to expand Borderless Networks further with the help of developers in its Cisco Developer Network and additional partnership.
The initiative includes Cisco’s AnyConnect Secure Mobility program, which couples “always-on connectivity” with policy enforcement and reporting features.
On the technical end, respondents said their organization has a complete process in place to lock employees from all access if needed, at 74%, and restrictions on what employees bring onto the network, 79%. [/private]

Leave a Reply

You must be logged in to post a comment.