Calling for control

The search for the 'Holy Grail' of new-generation network security continues.

By Andy Robb, Technology specialist at Duxbury Networking.
Johannesburg, 09 Feb 2011

In January 2011, more than 2 700 technology companies exhibited their wares at the International Consumer Electronics Show (CES), in Las Vegas. An impressive number of new devices were launched there, including the latest iPhone 4, next-generation netbooks, the new iPad and any number of Android-based tablet PCs.

There is little doubt that the 'always connected' pundits and social network devotees are well served by the latest technologies and gadgets. These devices are no longer the prerogative of the tech-savvy, but capable of being optimised and enjoyed by everyone, including my neighbour's 10-year-old.

While there are many key technology advances linked to the new smart devices, they are sure to spark security concerns in the minds of many corporate decision-makers. When they become linked to the enterprise network - as their owners eagerly substitute them for 'regulation' end-point devices - they are sure to push security risk levels to unprecedented highs.

Takeaways

Make no mistake, despite company rules forbidding the connection of private devices to the network, in most organisations there seems to be little stopping an executive from wirelessly plugging in his or her new iPad and downloading confidential data that is almost guaranteed to leave the premises at closing time.

This practice has become so prevalent that many organisations have thrown up their hands in defeat as the number of employees exchanging last year's corporate-issue BlackBerrys for their own, latest-technology iPhones continues to grow unmanaged and unregulated.

The time has come for organisations to accept that employees will increasingly want to use personal devices with which they are more comfortable and familiar. By accepting this trend, management will encourage workers to become more productive and efficient.

The challenge for companies is to devise ways to control the many different end-point devices in use to ensure vital corporate data does not find its way onto non-company-owned assets.

In the past, network managers relied on network access control (NAC) solutions and policies to help achieve their security goals, but today's mobile devices include a wide range of application programs - Facebook, Twitter, LinkedIn and others - that are able to continuously share personal information with the corporate server.

Andy Robb is CTO at Duxbury Networking.

This might have positive implications when it is the always-on-the-run executive's hard-to-secure appointment schedule that becomes available to those who need to plan a meeting with him, but quite the opposite in many other instances.

Traditionally, network managers defined what devices could connect to the network and identified those users permitted to access specific resources. Today, individuals will most likely bring multiple devices to the network, each requiring a different profile to be recognised, thus exacerbating authentication problems.

A broadly accepted additional layer of management control (beyond physical security, password requests and device profiling) is called for - and long overdue.

Virtualising the desktop

Perhaps the answer lies in the concept of virtualisation of the desktop - as pioneered by the likes of Citrix - and the wider adoption of VDI (virtual desktop integration) technologies.

By definition, VDI is the practice of hosting a desktop operating system within a virtual machine running on a centralised server. The technology separates a personal computer desktop environment from a physical machine using a client-server or server-based computing model.

The model dictates that the 'virtualised' desktop is stored on a remote central server and not on the local storage repository of a remote client.

In other words, VDI facilitates the virtualisation, centralisation and management of any program, application or process which can then be delivered on-demand, as a service, to users anywhere on any device.

When users work from their remote desktop client - which can be the latest iPad or smartphone - information is not downloaded and never shared. Confidential data is always owned and managed by the VDI architecture itself.

One of the spin-off benefits of VDI technology is cost saving. VDI adoption allows organisations to reduce their investments in computer hardware by not having to purchase a complete workstation (with operating system and applications) for each user. Instead, several thin clients (dumb terminals) can be installed or employees can bring their own devices to work.

As users are able to share networked resources allocated to them on an as-needed basis, hardware systems required to run these resources can be smaller and cheaper.

The adoption of VDI will, of necessity, change the face of the security industry. Currently there is a plethora of solutions aimed at end-point security opportunities within the enterprise, many of which will be overshadowed by VDI and fade into obsolescence. Security vendors will have to adapt their offerings to a VDI-enabled networking environment or face extinction.
