Shiny-Toy Syndrome - Employee-Owned Phones Can Be a Not-So-Cool Security Risk

SEMA News—May 2012

INTERNET
By Joe Dysart

Shiny-Toy Syndrome

Employee-Owned Phones Can Be a Not-So-Cool Security Risk

While tech-giddy employees are prone to fawn over every new iThing smuggled into the workplace—devices that are often used in violation of company policy—IT security pros see something very different: a security breach waiting to happen. The hard fact is that many of those unauthorized devices can slash gaping holes in company security systems in a nanosecond, exposing company data and applications to hackers. Indeed, even some authorized devices keep security IT up at night, since their current software solution may not be designed to handle some of the brand-new phones and tablets.

“‘Bring your own device’ can be a double-edged sword for enterprise IT departments,” said Zeus Kerravala, principal at ZK Research. “On one hand, there are great productivity gains to be had by enabling workers to use their own devices on the business network. On the other, provisioning, securing and managing those devices is a nightmare for IT.”

The reason? Company security IT personnel are able to safeguard the company network only when they know ahead of time what kind of smartphones and tablets will be logging into the system. Add a new smartphone on the sly—with a foreign operating system and apps that may be riddled with viruses—and all of security’s carefully coded defenses can be shredded in an instant.

Even worse, the security tsunami created by unanticipated gadgets is expected to grow more ferocious in the coming year, tech experts said. About 48% of smartphones at the workplace these days are chosen by employees rather than IT departments, according to a December 2011 study released by market research firm Forrester. And rarely do employees even consult with IT to determine if the company’s computer pros can secure those phones.

Read More