Rogue mobile devices are common on internal networks

A recent survey of 1,200 professionals by Deloitte quoted by Tim Wilson of Dark Reading indicated that almost 30% of them believed that rogue mobile devices were present on internal networks and were being used to connect to messaging systems, file servers, and SharePoint sites.

A substantial 87% of respondents believe that important internal infrastructure is at risk from these unauthorized mobile devices. This is a very reasonable belief to have. Mobile devices such as phones & tablets are increasingly used by employees to access critical organizational resources. However while use of these mobile devices grows, and soon exceeds, the use of personal computers to access the Internet – the security of these devices lags behind that of traditional platforms such as PCs. This is in part because most mobile device operating systems aren’t designed around the security of the user in a hostile environment, but instead prioritize performance and ease of use. Things certainly aren’t helped by Application Stores that do only cursory checks to see if the applications they publish are ridden with malware, or by users who side load pirated software on their devices.

As some within the IT community push to embrace the “consumerization of IT” – questions about how these consumerized mobile devices can be secured from malware are often ignored. The charge seems to be to allow mobile devices, no matter how infected and compromised access to important infrastructure as some sort of user empowerment strategy. Pragmatically, with increasing attacks against mobile platforms, leaving the security of these devices to their owners is likely to result in increasing breaches against organizational infrastructure.

The interesting question going forward is whether administrators continue to allow insecure and possibly malware ridden mobile devices to interact with critical organizational infrastructure by attempting to harden the infrastructure itself against inevitable attack, whether they attempt to enforce malware management reporting software onto user’s devices in an attempt to keep them sanitized, or some mixture of both approaches.

Follow me on twitter: @orinthomas

Discuss this Blog Entry 1

on Nov 1, 2011
As a Symantec employee, I really do think a holistic approach one that secures both the both the networks and data, as well as the devices needs to be taken. The goal should obviously be to embrace the consumerization of IT in a controlled manner in which consumer devices are brought into the enterprise under the watchful eye of IT, implementing necessary security technologies in the process. However, as the Deloitte survey results highlight, there will likely always be some percentage of rogue devices and those must be taken into account as well. That is where a hardening of the networks and data comes into play. In my opinion, one of these approaches without the other is an incomplete strategy. Spencer Parkinson Symantec

Please or Register to post comments.

What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.

Contributors

Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than thirty books for Microsoft Press, founded the Melbourne System Center,...
Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×