Feeds

Round up those wireless devices before they cause trouble

Stand up to consumerisation

Choosing a cloud hosting partner with confidence

Shiny new mobile gizmos are driving the consumerisation of IT. As a systems administrator, I am naturally wary.

Sure, it makes end-users happier, but they aren’t the ones who end up in front of the firing squad when security gets breached.

Users don’t care about security. They never have and they never will; it is an inconvenience to them.

Art of deception

Users view security in any form as either an impediment to productivity or an attempt at empire building. You can hold 1,000 seminars and try to educate them all you like but you won't change their minds.

So security must not be obvious. It has to lurk stealthily in the background where users don't notice it. And with the increasing use of consumer IT, this is forcing a change in network design.

Some users will consent to having their personal devices managed by mobile device management (MDM) software.

These are the people (treat them kindly) who make your life easier. Their acceptance of such programs minimises the possibility of you getting fired or going to jail to pay for end-user obstinacy or stupidity.

Perimeter patrol

These users – and their properly managed devices – can be allowed to play with the grown-ups and their devices treated as full-blown members of the network. They can use data locally on the device and their connection point into your network can occur behind the front-line defences.

What about the rest, the ones who probably got the whole consumerisation ball rolling in the first place through a protracted campaign of wailing and gnashing of teeth? They are least likely to agree to participate in a MDM scheme.

You have to have a plan to deal with refuseniks and troublemakers

If the IT department has been pushed into consumerisation, then it probably does not have the right to set corporate data security policy and cannot simply make acceptance of MDM software a requirement. So you have to have a plan to deal with refuseniks and troublemakers bearing untrusted endpoints.

Untrusted devices obviously can’t be allowed behind the perimeter defences, so you need to build out a set of connection points just outside your perimeter.

As most of the consumer devices brought into workplaces are mobile, the obvious choice is 802.11n Wi-Fi points. However, 4G usage is picking up, which means that very soon a goodly chunk of your network accesses will be coming across your internet links as well.

You have to bear in mind that users are likely to be doing more with those devices than simply holding an RDP connection into their corporate virtual machine.

They will be streaming media all day long – often the prime motivator behind consumerisation schemes in the first place – and using their local systems to perform internet research that is "faster" and "more familiar" when done on their personal device.

Over the edge

This means that each of these devices is going to be a big bandwidth draw. Combined with the increased internet demand from staff and customers, the edges of our networks will see an increased demand for capacity.

The day where we can demonstrate a real need for intrusion detection, firewall and packet inspection gear overseeing edge networks running at 10Gbit Ethernet (10GBE) is upon us. This requires an upgrade to our perimeter systems and an overhaul of the network to cope with demand.

Like virtualisation and cloud computing, the consumerisation of IT is not going away.

We can resist it for a time, but eventually we will all be trunking 10GBE out to the firewall. ®

Website security in corporate America

More from The Register

next story
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure
State attorney demands Apple CEO bows the knee to him
Your chance to WIN the WORLD'S ONLY HANDHELD ZX SPECTRUM
Reg staff not allowed to enter, god dammit
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Monitors monitor's monitoring finds touch screens have 0.4% market share
Not four. Point four. Count yer booty again, Microsoft
Getting to the BOTTOM of the great office seating debate
Belay that toil, me hearty, and park your scurvy backside
Hey, Mac fanbois. HGST wants you drooling over its HUGE desktop RACK
What vast digital media repository could possibly need 64 TERABYTES?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.