Article by Chris Orr
With the release of the iPhone 5 the proliferation of personal smart phones into the enterprise will get even faster. With projected sales between 5 and 8 million iPhones through the holidays you can guarantee that a fairly large percentage of them will be added to the burdens of the corporate network.
IT Ninja’s everywhere will not only have to integrate these devices into the fabric of their network infrastructure but will also have to push policies to ensure that they are not used as a threat vector for the pirates. Laptops were a serious enough issue with some of your employees potentially taking home sensitive data. Smartphones with their lower costs and inexpensive “apps” mean that just about everyone your employees has one and everyone of those employees has access to your network. Think of all of the business enablement apps that are out there beyond simple email. Salesforce, Dropbox, Sugarsync, SAP Mobile and Roambi are just a few of the apps that can be installed onto an iPhone, iPad, or Android device that give them direct access from anywhere in the world…to your sensitive data…
If the IT Ninja hasn’t done so already, now is the time to establish and document a security policy around BYOD. Connecting security to the business means being proactive in protecting critical assets from the threat of personal devices on the network. Ensure that you have the means to detect threats both from the pirates on the outside and the people on the inside (who may actually be a bigger threat to worry about anyways…)
Have the ability to correct any issues that are found to threaten assets, remote wipes, lowjack software and other tools that enable the IT Ninja to find a lost or stolen device and erase it if it contains sensitive data. Ultimately, whether your employees bring an iPhone or an Android, personal devices on the network has become a reality that is just not going away. Make sure your ninjas have the policies and tools they need to manage the risks of allowing these devices onto your network.
Cross-posted from Tripwire's State of Security