Feeds

Round up those wireless devices before they cause trouble

Stand up to consumerisation

Internet Security Threat Report 2014

Shiny new mobile gizmos are driving the consumerisation of IT. As a systems administrator, I am naturally wary.

Sure, it makes end-users happier, but they aren’t the ones who end up in front of the firing squad when security gets breached.

Users don’t care about security. They never have and they never will; it is an inconvenience to them.

Art of deception

Users view security in any form as either an impediment to productivity or an attempt at empire building. You can hold 1,000 seminars and try to educate them all you like but you won't change their minds.

So security must not be obvious. It has to lurk stealthily in the background where users don't notice it. And with the increasing use of consumer IT, this is forcing a change in network design.

Some users will consent to having their personal devices managed by mobile device management (MDM) software.

These are the people (treat them kindly) who make your life easier. Their acceptance of such programs minimises the possibility of you getting fired or going to jail to pay for end-user obstinacy or stupidity.

Perimeter patrol

These users – and their properly managed devices – can be allowed to play with the grown-ups and their devices treated as full-blown members of the network. They can use data locally on the device and their connection point into your network can occur behind the front-line defences.

What about the rest, the ones who probably got the whole consumerisation ball rolling in the first place through a protracted campaign of wailing and gnashing of teeth? They are least likely to agree to participate in a MDM scheme.

You have to have a plan to deal with refuseniks and troublemakers

If the IT department has been pushed into consumerisation, then it probably does not have the right to set corporate data security policy and cannot simply make acceptance of MDM software a requirement. So you have to have a plan to deal with refuseniks and troublemakers bearing untrusted endpoints.

Untrusted devices obviously can’t be allowed behind the perimeter defences, so you need to build out a set of connection points just outside your perimeter.

As most of the consumer devices brought into workplaces are mobile, the obvious choice is 802.11n Wi-Fi points. However, 4G usage is picking up, which means that very soon a goodly chunk of your network accesses will be coming across your internet links as well.

You have to bear in mind that users are likely to be doing more with those devices than simply holding an RDP connection into their corporate virtual machine.

They will be streaming media all day long – often the prime motivator behind consumerisation schemes in the first place – and using their local systems to perform internet research that is "faster" and "more familiar" when done on their personal device.

Over the edge

This means that each of these devices is going to be a big bandwidth draw. Combined with the increased internet demand from staff and customers, the edges of our networks will see an increased demand for capacity.

The day where we can demonstrate a real need for intrusion detection, firewall and packet inspection gear overseeing edge networks running at 10Gbit Ethernet (10GBE) is upon us. This requires an upgrade to our perimeter systems and an overhaul of the network to cope with demand.

Like virtualisation and cloud computing, the consumerisation of IT is not going away.

We can resist it for a time, but eventually we will all be trunking 10GBE out to the firewall. ®

Intelligent flash storage arrays

More from The Register

next story
Nexus 7 fandroids tell of salty taste after sucking on Google's Lollipop
Web giant looking into why version 5.0 of Android is crippling older slabs
All aboard the Poo Bus! Ding ding, route Number Two departing
Only another three days of pooing and I can have a ride!
Heyyy! NICE e-bracelet you've got there ... SHAME if someone were to SUBPOENA it
Court pops open cans of worms and whup-ass in Fitbit case
Official: European members prefer to fondle Apple iPads
Only 7 of 50 parliamentarians plump for Samsung Galaxy S
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Space Commanders rebel as Elite:Dangerous kills offline mode
Frontier cops an epic kicking in its own forums ahead of December revival
The IT Crowd's internet in a box gets $240k of crowdcash for a cause
'Outernet' project proposes satellite-fuelled 'Lantern' WiFi library for remote areas
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.