Feeds

Round up those wireless devices before they cause trouble

Stand up to consumerisation

Securing Web Applications Made Simple and Scalable

Shiny new mobile gizmos are driving the consumerisation of IT. As a systems administrator, I am naturally wary.

Sure, it makes end-users happier, but they aren’t the ones who end up in front of the firing squad when security gets breached.

Users don’t care about security. They never have and they never will; it is an inconvenience to them.

Art of deception

Users view security in any form as either an impediment to productivity or an attempt at empire building. You can hold 1,000 seminars and try to educate them all you like but you won't change their minds.

So security must not be obvious. It has to lurk stealthily in the background where users don't notice it. And with the increasing use of consumer IT, this is forcing a change in network design.

Some users will consent to having their personal devices managed by mobile device management (MDM) software.

These are the people (treat them kindly) who make your life easier. Their acceptance of such programs minimises the possibility of you getting fired or going to jail to pay for end-user obstinacy or stupidity.

Perimeter patrol

These users – and their properly managed devices – can be allowed to play with the grown-ups and their devices treated as full-blown members of the network. They can use data locally on the device and their connection point into your network can occur behind the front-line defences.

What about the rest, the ones who probably got the whole consumerisation ball rolling in the first place through a protracted campaign of wailing and gnashing of teeth? They are least likely to agree to participate in a MDM scheme.

You have to have a plan to deal with refuseniks and troublemakers

If the IT department has been pushed into consumerisation, then it probably does not have the right to set corporate data security policy and cannot simply make acceptance of MDM software a requirement. So you have to have a plan to deal with refuseniks and troublemakers bearing untrusted endpoints.

Untrusted devices obviously can’t be allowed behind the perimeter defences, so you need to build out a set of connection points just outside your perimeter.

As most of the consumer devices brought into workplaces are mobile, the obvious choice is 802.11n Wi-Fi points. However, 4G usage is picking up, which means that very soon a goodly chunk of your network accesses will be coming across your internet links as well.

You have to bear in mind that users are likely to be doing more with those devices than simply holding an RDP connection into their corporate virtual machine.

They will be streaming media all day long – often the prime motivator behind consumerisation schemes in the first place – and using their local systems to perform internet research that is "faster" and "more familiar" when done on their personal device.

Over the edge

This means that each of these devices is going to be a big bandwidth draw. Combined with the increased internet demand from staff and customers, the edges of our networks will see an increased demand for capacity.

The day where we can demonstrate a real need for intrusion detection, firewall and packet inspection gear overseeing edge networks running at 10Gbit Ethernet (10GBE) is upon us. This requires an upgrade to our perimeter systems and an overhaul of the network to cope with demand.

Like virtualisation and cloud computing, the consumerisation of IT is not going away.

We can resist it for a time, but eventually we will all be trunking 10GBE out to the firewall. ®

Application security programs and practises

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets
Reports it's killing off smaller slabs are greatly exaggerated
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Seventh-gen SPARC silicon will accelerate Oracle databases
Uncle Larry's mutually-optimised stack to become clearer in August
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.