Rogue mobile devices are common on internal networks

A recent survey of 1,200 professionals by Deloitte quoted by Tim Wilson of Dark Reading indicated that almost 30% of them believed that rogue mobile devices were present on internal networks and were being used to connect to messaging systems, file servers, and SharePoint sites. A substantial 87% of respondents believe that important internal infrastructure is at risk from these unauthorized mobile devices. This is a very reasonable belief to have. Mobile devices such as phones & tablets are increasingly used by employees to access critical organizational resources. However while use of these mobile devices grows, and soon exceeds, the use of personal computers to access the Internet – the security of these devices lags behind that of traditional platforms such as PCs. This is in part because most mobile device operating systems aren’t designed around the security of the user in a hostile environment, but instead prioritize performance and ease of use. Things certainly aren’t helped by Application Stores that do only cursory checks to see if the applications they publish are ridden with malware, or by users who side load pirated software on their devices. As some within the IT community push to embrace the “consumerization of IT” – questions about how these consumerized mobile devices can be secured from malware are often ignored. The charge seems to be to allow mobile devices, no matter how infected and compromised access to important infrastructure as some sort of user empowerment strategy. Pragmatically, with increasing attacks against mobile platforms, leaving the security of these devices to their owners is likely to result in increasing breaches against organizational infrastructure. The interesting question going forward is whether administrators continue to allow insecure and possibly malware ridden mobile devices to interact with critical organizational infrastructure by attempting to harden the infrastructure itself against inevitable attack, whethe

Orin Thomas

November 1, 2011

2 Min Read
ITPro Today logo in a gray background | ITPro Today

A recent survey of 1,200 professionals by Deloitte quoted by Tim Wilson of Dark Reading indicated that almost 30% of them believed that rogue mobile devices were present on internal networks and were being used to connect to messaging systems, file servers, and SharePoint sites.

A substantial 87% of respondents believe that important internal infrastructure is at risk from these unauthorized mobile devices. This is a very reasonable belief to have. Mobile devices such as phones & tablets are increasingly used by employees to access critical organizational resources. However while use of these mobile devices grows, and soon exceeds, the use of personal computers to access the Internet – the security of these devices lags behind that of traditional platforms such as PCs. This is in part because most mobile device operating systems aren’t designed around the security of the user in a hostile environment, but instead prioritize performance and ease of use. Things certainly aren’t helped by Application Stores that do only cursory checks to see if the applications they publish are ridden with malware, or by users who side load pirated software on their devices.

As some within the IT community push to embrace the “consumerization of IT” – questions about how these consumerized mobile devices can be secured from malware are often ignored. The charge seems to be to allow mobile devices, no matter how infected and compromised access to important infrastructure as some sort of user empowerment strategy. Pragmatically, with increasing attacks against mobile platforms, leaving the security of these devices to their owners is likely to result in increasing breaches against organizational infrastructure.

The interesting question going forward is whether administrators continue to allow insecure and possibly malware ridden mobile devices to interact with critical organizational infrastructure by attempting to harden the infrastructure itself against inevitable attack, whether they attempt to enforce malware management reporting software onto user’s devices in an attempt to keep them sanitized, or some mixture of both approaches.

Follow me on twitter: @orinthomas

About the Author

Orin Thomas

Orin Thomas

See more from Orin Thomas
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

the interface of the PowerShell search tool with a hand holding a magnifying glass on a background of a blue sky and clouds in the shape of gears
PowerShell
How I Built My Own PowerShell Multi-File Search Tool
How I Built My Own PowerShell Multi-File Search Tool

Oct 22, 2024

burnout gif featuring a mannequin surrounded by office technology on fire
Career Tips
Am I Burned Out? How To Identify and Address Burnout in IT
Am I Burned Out? How To Identify and Address Burnout in IT

Oct 24, 2024

MLOps
Ops and More
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?

Oct 23, 2024

Exclusive ITPro Resources
See all ITPro Resources

Featured Technical Explainers

AI chip
Cloud Computing
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
SaaS concept on a tablet
Cloud Computing
Why SaaS Backup Matters: Protecting Data Beyond Vendor Guarantees
Why SaaS Backup Matters: Protecting Data Beyond Vendor Guarantees
DevOps logo on top of code
DevOps
DevOps: Key to Faster, More Efficient Government Software Development
DevOps: Key to Faster, More Efficient Government Software Development
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

Recent What Is

cartoon shows a person next to a checklist and several icons that represent disaster scenarios
Disaster Recovery
BCDR Basics: A Quick Reference Guide for Business Continuity & Disaster RecoveryBCDR Basics: A Quick Reference Guide for IT Pros
technology interface with a person's hand drawing gears and cogs
PowerShell
Introduction To PowerShell Environment VariablesIntroduction To PowerShell Environment Variables