People who work for big companies are consistently ignoring the security policies of their employers to use banned social networking apps and their own phones and computers at work. This is the headline finding of a poll of 500 IT security professionals conducted by Cisco. Some 68 per cent of the respondents know their employees …
I've been in companies where data protection was Not A Priority, by personal word from the CEO. Alrighty then, let's open it all up. No? Oh.
I don't think there's anything wrong with having a Policy that says Thou Shalt Not Connect, though I might provide, say, unfiltered wireless to the outside for the "guests", disconnected from the inside network. Any more connecting, if you must (and if I don't get to forbid it), is through a VPN, even though the device is right there in the building. After all, the device is foreign and not under my control. That or the TFI (preferred).
This simply because anything else is worse in terms of trying to keep the network clean and usable. You want me to do that for you, don't you?
We could cut our IT budget in half if all employees would simply follow the policies, but are those the employees you want?
Especially in IT-oriented companies (and more and more need IT) you want the people to be familiar with new technologies.
And while it adds risk, one can wonder if that risk is not exaggerated. In our company users can access corporate e-mail with an iPhone, and we require them to use a pincode. Other than that there is not much data on the phones. And if there is wifi they could reach the network, but everything confidential is behind a firewall anyhow; it's not like the iPhone is a fileserver.
I'm not one of those consumer stuff junkies
However the company where I work now has issued me an old laptop with Windows XP SP2 and IE6. This is the corporate standard and is not going to change in the next two or three years. I don't know how and what Cisco can do for them.
Anonymous because I'm running Firefox portable in order to get a decent browsing experience and I don't want those ferocious admins to believe I'm acting against the corporate policies.
VPN: not to be taken internally
The point of a VPN is to protect data being transferred over untrusted intermediary networks; if it's the endpoint's own security you are worried about, a VPN is completely the wrong solution, unless you're trying to protect against eavesdropping on your own WLAN. The VPN in itself will do nothing at all to protect anyone on either end from any compromise of the remote system!
The nice thing about smartphones is that they don't need a wifi connection to get outside. If it doesn't go through the corporate wifi, IT can't log it and tattle to your boss — so maybe they're doing us a favor.
Mostly been there, done that.
For years now, Windows PC laptops are not allowed to connect to our networks unless they have specified protective software installed.
It's even easier now, as the young ones don't know an ethernet jack from a hole in the wall. All they know is wifi. When they see networks available but they can't join them, they come to get disinfected & condomed & MAC ACL'd, and then they get access.
Data leakage is another problem entirely, sad to say.
Companies will have secure IT policies as soon as they want them.
The rather public and consistent firing of employees for violating company policies tends to motivate people to not break policy. Eventually the unemployed under 30-somethings figure out they aren't as smart as their teachers said they were and they'd better buckle down.
Flip side is companies also have to have IT policies that support what the company sells. I understand why AC 2010-06-25 15:30 has a laptop with XP SP2 and IE6, and that's a management failure as well. He has it because the homegrown apps haven't been tested with the newer software, and they haven't been tested because management hasn't provided IT with the resource to perform said testing.
Believe me, as the guy once standing in the way of deploying IE7 and SP3, it sucked. But the testing hadn't been done and the resources to do it were not made available, and I knew there were critical business applications that hadn't been updated to use the newer versions of the software. Hell, at that point the master database for our employees was still sitting on a Windows 98SE PC. I'm actually glad I was involuntarily separated from the company.
Cisco Comment on this
Cisco has announced a new approach to security that deals with the fundamental shift we are seeing in the marketplace. Mobility is at the core of the next computing cycle. We see examples of this everywhere from the proliferation of handheld devices, the adoption of the mobile Internet and mobile computing, and also the consumer influence of IT. These factors dictate how we think about security and since the traditional paradigms have changed, we have to rethink how those problems get solved. Our new approach is called the Secure Borderless Networks and it positions Cisco as a security leader at the forefront of this shift. In support of this shift, we are introducing a number of solutions, one of which was Cisco AnyConnect Secure Mobility in March 2010. Press release here --> http://newsroom.cisco.com/dlls/2010/prod_030210.html
Our strategy in supporting smartphones with AnyConnect is to provide coverage for leading Enterprise mobility platforms including Apple, HTC, Android, Nokia, Samsung, Windows Mobile and others. In support of this direction, Cisco announced several mobile partnerships on June 24th 2010. Additionally Apple has already announced the availability of AnyConnect on iOS 4.0 in their own launch. We expect that to be available in the second half of 2010. Cisco blogged about it here --> http://blogs.cisco.com/news/comments/apple_announces_cisco_ssl_vpn_support_o
Full disclosure - I am the public relations contact for Cisco's security business.
I'm not that bothered by employees breaking the rules, it keeps me well paid and employed chasing them down!
Oh god! Not Cisco VPN everywhere! I had enormous problems with their VPN client for XP. It scrambled the TCP/IP stack so badly that nothing worked. Utilities to repair the stack didn't fix the problem and the VPN client couldn't be removed so I had to reinstall the whole operating system.
Colleagues said a later version of the software worked but wasn't available from corporate IT as it hadn't been tested yet so they downloaded a cracked version from one of the warez sites. Probably not the best source for security software.