May 09, 2012, 9:25 PM — The trend towards bring-your-own computing is being driven by executives who not only insist on connecting their personal devices to the company network -- but refuse to hand over control of those devices to security managers despite exhortations that it's necessary to ensure data integrity. Faced with an explosion in mobile devices and already hurtling towards the cloud, what's a humble IT security specialist to do?
It's a difficult challenge made even more complex because so many consumers are already linking their mobiles to mainstream cloud services like Google's Gmail, Apple's iCloud and various social-media services. The net result: consumerisation is bringing with it all the dangers of cloud environments as well as all the traditional security issues associated with mobile devices. Yet with those devices now comprising part of the cloud itself, the old issues are taking on a whole new meaning.
"The bottom line is that the people who have control over your budget are now insisting on consumerisation," Dave Asprey, vice president for cloud security with Trend Micro, told attendees at the recent Evolve.Cloud conference in Melbourne.
"We have these mobile devices, and they just keep evolving and getting better. So companies are no longer going out and saying 'I'd like to buy a laptop for everyone in my company'; they're going out to say 'I'd like to manage a laptop for everyone in the company'. And this is how consumerisation is happening."
Despite user enthusiasm about using mobile devices, he added, many users are blind to the companion risk that they introduce. Since so many consumers are already using mainstream cloud services like Google's Gmail, Apple's iCloud and various social-media services, the introduction of mobiles into the enterprise is an ipso facto introduction to the risks and exposures of public cloud services -- and that's a completely different risk profile.
"Cloud and mobile are already completely mixed up in the minds of the people who use these devices," Asprey explained. "When you hear about consumerisation and BYO device strategies, it includes cloud as an integral part of that. And as mobile continues to penetrate throughout the population at large, 'cloud' stops meaning 'in a data centre' and it starts meaning 'elsewhere'."
This presents a completely new challenge for security practitioners, for whom the shift away from tightly-managed internal devices represents a major change in security posture. And in this new world, Asprey said, malware authors have the most experience -- as evidenced by their successful establishment of self-managing global networks that tap into millions of mobile and fixed computers around the world.