Round up those wireless devices before they cause trouble

Stand up to consumerisation

Shiny new mobile gizmos are driving the consumerisation of IT. As a systems administrator, I am naturally wary.

Sure, it makes end-users happier, but they aren’t the ones who end up in front of the firing squad when security gets breached.

Users don’t care about security. They never have and they never will; it is an inconvenience to them.

Art of deception

Users view security in any form as either an impediment to productivity or an attempt at empire building. You can hold 1,000 seminars and try to educate them all you like but you won't change their minds.

So security must not be obvious. It has to lurk stealthily in the background where users don't notice it. And with the increasing use of consumer IT, this is forcing a change in network design.

Some users will consent to having their personal devices managed by mobile device management (MDM) software.

These are the people (treat them kindly) who make your life easier. Their acceptance of such programs minimises the possibility of you getting fired or going to jail to pay for end-user obstinacy or stupidity.

Perimeter patrol

These users – and their properly managed devices – can be allowed to play with the grown-ups and their devices treated as full-blown members of the network. They can use data locally on the device and their connection point into your network can occur behind the front-line defences.

What about the rest, the ones who probably got the whole consumerisation ball rolling in the first place through a protracted campaign of wailing and gnashing of teeth? They are least likely to agree to participate in an MDM scheme.

If the IT department has been pushed into consumerisation, then it probably does not have the right to set corporate data security policy and cannot simply make acceptance of MDM software a requirement. So you have to have a plan to deal with refuseniks and troublemakers bearing untrusted endpoints.

Untrusted devices obviously can’t be allowed behind the perimeter defences, so you need to build out a set of connection points just outside your perimeter.

As most of the consumer devices brought into workplaces are mobile, the obvious choice is 802.11n Wi-Fi points. However, 4G usage is picking up, which means that very soon a goodly chunk of your network accesses will be coming across your internet links as well.

You have to bear in mind that users are likely to be doing more with those devices than simply holding an RDP connection into their corporate virtual machine.

They will be streaming media all day long – often the prime motivator behind consumerisation schemes in the first place – and using their local systems to perform internet research that is "faster" and "more familiar" when done on their personal device.

Over the edge

This means that each of these devices is going to be a big bandwidth draw. Combined with the increased internet demand from staff and customers, the edges of our networks will see an increased demand for capacity.

The day where we can demonstrate a real need for intrusion detection, firewall and packet inspection gear overseeing edge networks running at 10Gbit Ethernet (10GBE) is upon us. This requires an upgrade to our perimeter systems and an overhaul of the network to cope with demand.

Like virtualisation and cloud computing, the consumerisation of IT is not going away.

We can resist it for a time, but eventually we will all be trunking 10GBE out to the firewall. ®
