An array of portable communication knick-knacks and social media sources leaves companies open to attack
At first glance there would appear to be little to connect Apple’s iPad and the Greeks’ Trojan horse. After all, centuries separate the two creations. The Trojan horse described in Virgil’s Latin epic poem The Aeneid was wheeled into Troy in the Bronze Age: Apple’s much-hyped tablet device signifies cutting-edge, 21st-century computing technology.
But the two creations are indeed linked. The Trojan horse was wheeled into Troy after the Greeks pretended to give up their ten-year siege. It contained soldiers who were able to open the gates to their hidden army, who, as we know, went on to sack the city.
Though not made of wood, horse-shaped, or containing hidden Greek warriors, the seemingly innocuous iPad together with a gaggle of smartphones, PDAs, netbooks, laptops, media players and other portable consumer electronics products will similarly, inevitably be welcomed into businesses. But when connected to business-critical computers and networks, they will open what could be potentially dangerous back doors to malware and cybercriminal attacks.
The phenomenon of consumer IT entering businesses in this way is far from new and the powerhouse behind the trend currently is, of course, the internet, which is facilitating the convergence of computers and traditional consumer technologies such as video and music. But the trend is gaining momentum. Ever more powerful and sophisticated consumer devices that are widely distributed today constitute a potent and growing threat.
Portable devices that have enough memory for high-definition videos also have enough memory to harbour malware and discreetly steal sensitive data. Staff setting up unauthorised WiFi networks in offices has long been problematic, as hackers can exploit the soft underbelly presented by poorly-secured wireless equipment.
And it is not just consumer hardware that poses a clear and present danger. Let’s not forget the use of consumer websites and applications in the office. MySpace and Facebook are insanely popular, as are web-based email accounts such as Hotmail or Gmail. Instant Messaging (IM) services such as AIM, Google Talk, Windows Messenger and suchlike are similarly ubiquitous. The fast-growing trend of delivering software over the internet cloud means companies are running many applications on their systems that they do not know about and cannot control.
The obvious answer is to simply block these devices and websites. If staff were blocked from connecting their phones and media players to work PCs, and could only access approved websites, the potential for malware, hackers and cybercriminals to infiltrate would be greatly reduced.
But the obvious answers are often not the right answers. In the case of consumer electronics, a prohibition approach is likely to be as successful as banning alcohol in 1920s America. Technology and business experts agree that the genie cannot be put back into the bottle.
Indeed, consumer-orientated technology is here, it’s not going away and businesses must embrace it or risk losing vital competitive advantage, according to research company Gartner. It predicts that, at least up until 2012, most of the new information technology that companies will adopt will have its origins in the consumer space in a kind of ‘trickle-up’ process.
The message is clear: assume your business has all or at least most of these technologies in place already, whether they are wanted or not. No one can effectively ban them and there is no point in pretending it isn’t happening, either. It is important not to forget that, a few years ago, there was much beating of breasts and gnashing of teeth as businesses wondered if allowing staff to have internet access in the office would adversely affect productivity. It would be all but inconceivable for a company today to ban internet access simply because employees may send a few personal emails.
Similarly, companies should think very carefully before locking out the potentially productive collaboration and communication medium offered by IM or social networking. And then there is the human question: banning such services is likely to impact on a company’s ability to hire and retain young, talented and computer-savvy workers.
Pragmatism is the order of the day. Companies should look at their businesses and see if they can benefit from adopting these emerging technologies. Could mobile sales staff function more effectively with iPhones? Can web 2.0 social networking technologies improve collaboration and communication?
However, throughout these evaluations, companies must not lose sight of potential security problems associated with the introduction of new technologies, as most consumer-grade services are not designed from the ground up with the high security requirements enterprises need. This means that IT departments must be able to audit the use and introduction of new services and rigorously lock down any associated security issues.
It is said that those who fail to learn the lessons of history are doomed to repeat its mistakes, so the message for companies is clear: beware of geeks bearing gifts.
Robert Jaques
www.financialdirector.co.uk
http://www.financialdirector.co.uk/financial-director/comment/2258314/enemy-within-4962568