The 8 most dangerous consumer technologies - PART 1

High-tech consumer products and services of all kinds are making their way into the workplace. They include everything from smart phones, voice-over-IP systems and flash memory sticks to virtual online worlds. And as people grow more accustomed to having their own personal technology at their beck and call -- and in fact can't imagine functioning without it -- the line between what they use for work and what they use for recreation is blurring. Unfortunately, this trend poses problems for IT organizations. For one thing, the use of these technologies increases the risk of security breaches.

But in many companies, it would be against corporate culture to simply ban the devices or to block employees from accessing consumer services. At the same time, companies can't depend wholly on policy to maintain the level of security they need.

To help you decide how to respond, I will look at eight popular consumer technologies and services that have crept into the workplace and provide some insight into how companies are achieving the balance of security, productivity and sanity.

1. Instant messaging
2. Web mail
3. Portable storage devices
4. PDAs and smart phones
5. Camera phones
6. Skype and other consumer VoIP services
7. Downloadable widgets
8. Virtual worlds

As it wont be be possible to look at all technoligies at a time, we will have alook at them in parts. This is the first part of it.

1. Instant messaging :
People use instant messaging for everything from making sure their kids have a ride home from practice to communicating with co-workers and business partners. In the Yankee study, 40% of respondents said they use consumer IM technology at work. Instant messaging present numerous security challenges. Among other things, malware can enter a corporate network through external IM clients and IM users can send sensitive company data across insecure networks.

One way to combat threats is to phase out consumer IM services and use an internal IM server. In late 2005, Global Crossing did just that when it deployed Microsoft Corp.'s Live Communications Server (LCS). Then in August 2006 it blocked employees from directly using external IM services from providers such as AOL, MSN and Yahoo. Now, all internal IM exchanges are encrypted, and external IM exchanges are protected, as they're funneled through the LCS server and Microsoft's public IM cloud.

Adopting an internal IM server also gave Global Crossing's security team more control. "Through the public IM cloud, we're able to make certain choices as to how restrictive or open we are. We can block file transfers, limit the information leaving our network or restrict URLs coming in," which was a common method for propagating worms, Miller says. "That takes away a huge component of malicious activity."

You can also take a harder line. DeKalb's security policy, for instance, bans IM use altogether. "It's mainly chat-type traffic, not personal health information, but it's still a concern," Finney says. As backup to the restrictive policy, she blocks most sites where IM clients can be downloaded, although she can't block MSN, AOL or Yahoo because many physicians use those sites for e-mail accounts. Her team also uses a network inventory tool that can detect IM clients on employee PCs. If one is found, the employee is reminded of DeKalb's no-IM policy and notified that the IM client will be removed. Finney is also considering various methods of blocking outbound IM traffic, but for now, she also uses a data loss prevention tool from Vericept Corp. to monitor IM traffic and alert the security team about any serious breaches. To do that, Finney's team needs to shut down most of its Internet ports, which forces IM traffic to scroll to Port 80 for monitoring.

DeKalb is looking into the idea of implementing the IM add-on of IBM's Lotus Notes or even an internal freeware IM service like Jabber for business users who want to communicate across campus. "Nothing is 100%," Finney says. "IM is always a huge concern from a security as well as a productivity perspective."

In the second part I will dwell into webmail and Portable storage devices