Wave Systems Corp. (fka WAVXQ)

[dude_danny]

iPhone, Gmail and blogs - a corporate security nightmare
Fear consumer tech...
http://software.silicon.com/security/0,39024655,39167527,00.htm
By Andy McCue

Published: Friday 15 June 2007

The use of consumer-based technology such as web email, instant messaging, smart phones and games consoles by employees is one of the most significant threats to corporate IT security.

Analyst companies Forrester and Gartner have both warned this week that the entrance of consumer technologies into the enterprise is impossible to eliminate and challenges traditional security models.

It is very easy to sniff Bluetooth traffic.
Consumer-based communications tools such as Hotmail, instant messaging and voice over IP are used by most employees, often from work and also as a way to transfer work materials to and from their PCs at home.

In a report, Gmail, iPhones and Wiis: Preparing Enterprise Security for the Consumerisation of IT, Gartner research VP Rich Mogull said: "Most organisations will find themselves unable to completely block these services, for cultural, if not technical reasons, but security options are available to limit the risks that consumer communications services create."


Blogs, social networking tools and other web 2.0 technologies are another risk for information leaks or as channels for malicious software and viruses.

Gartner advises organisations to configure content management and data loss prevention tools to monitor and block the release of sensitive content over HTTP and peer-to-peer network traffic and also configure the web gateway to block any services such as social networking not deemed suitable in the workplace.

The emergence of increasingly sophisticated media-centric consumer mobile handsets such as the iPhone can also be managed without a complete enterprise ban.

Security options for these devices include restricting the ability for unapproved devices or storage to connect to managed PCs and laptops, deploying an SSL (secure sockets layer) VPN to enable secure thin-client remote access to enterprise systems, and encrypting all approved mobile devices with access to sensitive data in case of loss or theft.

Forrester senior analyst Bill Nagel, speaking at the Forrester IT Forum in Edinburgh this week, added: "Not all information needs to be protected. Only put high-levels of security around data you cannot afford to lose. Consumer technology is very useful and is not going to go away."

Forrester highlighted Bluetooth, insecure home wireless networks and "evil twin" malicious public wi-fi hotspots as particular security risks to corporate IT security.

Nagel said: "Bluetooth is a security nightmare. Bluetooth traffic is rarely encrypted. One big problem is people just leave the security enabled by the phone, which is usually nothing. It is very easy to sniff Bluetooth traffic."

But Forrester said the use of consumer-based technology by employees also has many advantages and can lead to equipment cost savings, better back-up of corporate data, more flexible work conditions and improved collaboration.