Security Policies in a Consumerized IT Environment

[techiehelpdesk]

There are a lot of technologies nowadays available to the consumers both for IT and non-IT alike. Technologies like Iphone, Itouch, Ipad, Blackberry, laptops and netbooks are easily to be availed and used. Even “Lola Techie” could attest that these technologies are easily to be adapted by people who like to understand it.
The good of this is it makes our online lives easier. It even boosts our job performance which give us promotions and higher pay. What we do is we bought more of these technologies to boost more our competencies on work.
But as long as these technologies were been introduced in our working environment, the more IT insecurities it develops. Maybe like a netbook who’s been used on a coffee shop and got infected with malwares and viruses could infect the network environment at the office and other consumer IT equipment’s as well.
Due to this scenario, it may become a problem of most IT Administrators to maintain the security of the network environment. How could we maximize the security without making it hard to be availed?
Security Concerns
IT concerns on a Consumerized Environment is could be categorized into two parts:

• Threats induced by consumer applications

o Emails
o Social Networking Sites
o Web Access

• Threats induced by consumer hardware

o Laptops
o Mobile Phones
o Mobile Tablets PC
By looking at this category, it looks hard to impose a security policy on this devices because it is mostly it acts as a tool for use to be more productive for our companies. Not to mention the millions of mobile workers at field and on their homes. But there’s a way to do it.
IT Administrators solve this by putting web proxy on their network disallowing employees on accessing unpermitted sites and make it an office IT policy. Disallowing personally owned consumer hardware on company premises so it could not infect you internal network and making your IT environment malware/virus free.
Threats and Risk Assessment
To properly make a guideline on securing your IT network is to define the threat and assess the risk that the network will encounter while this consumer equipment’s are on the network.
These are some issues that IT Administrators deal when consumer technologies implicates the network.

• Worms and viruses form different websites such as social networking sites and online games that may get personal company information or destroy company owned IT equipment which could result to service downtime and data theft.
• Leakage of competitor’s data when mobile computers and mobile phones are been stolen, lost or accidentally accessed by the local family.
• Uncontrolled sharing of company secrets outside and within company networks.

Defining Policy Guidelines
Because of the threats been defined above, we must develop a company policy guidelines to be enforced for mobile, consumerized IT environment. This includes:

• Security of company data on every PC and Mobile Computers
• Security of communication especially on employee to employee communications. (i.e. VPN or Direct Access)
• At least the company has a capability to wipe out stolen/lost company mobile computers remotely.
• The company network should be capable of checking the health of every mobile PC’s while connected to the network to prevent spread of viruses and malwares on company network.
• Enforce content filtering to control files to be sync from company computers and their mobile devices.
• Generate a policy on what software applications could the company employees used on corporate computers.
• Capability to have agent/agentless configuration to enforce security remotely thru company network.
• Develop a policy for employees who use social networking within company network.

Synopsis
On a consumerized IT network, we must remember that we should choose which technologies we allow to access on our networks. We should also categorize the applications to be used while on office. Lastly, we should create a policy that governs the users on how to use their consumer IT equipment in and out of our company premises. The consumer technology will be existent for a very long time and we should be prepared to dealt with the non-stop change of technology.

[cpcastro]

Great post. We would love to read more of these soon. Nice to meet you at makati Shangri-La