This week I was invited by my friends at ISFL (Information Security for London) to give a talk to their members forum. The particular topic of interest was organisations’ loss of control over what endpoint devices are used, with a natural focus on the unstoppable use of i-devices to access corporate data. This is a natural bedfellow of the Cloud discussion to my mind. Cloud will (when it turns up) deliver applications via a browser and, given that you can access the web via any manner of things these days, this is therefore a worry. People can now access data via phones, tablets, Wiis and TVs, as well as the more traditional approaches, and the mobility argument means that this can’t (to a degree) be discouraged.
Bluntly chums, we’ve lost the argument as IA professionals. We argued for years about controlling who can access the network, and having sat and watched a CIO from a government department working on his iPad the other week (I would suggest it was not standard corporate issue) or talked to any number of security officers giving up the fight against Android and other devices accessing corporate networks, we need to recognise that we cannot stem the tide of unauthorised devices. Our American friends coined the term consumerisation – the use of user-purchased consumer devices as opposed to the crappy mobiles we get given when we start our jobs. They are here, and they are now, and they are not going away
So what are we going to do about it? If the C-level team wants to use iPhones, and the sales director likes his iPad, we’ve got to deal with them now. And oddly it requires a technology that for a long time has been the poor relation of the security vendor kit-bag: NAC (Network Access Control). For years it’s been pitched, only for people to go ‘mmm, thats nice, but I can’t see the business case/ I’ve got no money’ etc. Well guess what? Now it’s going to become key. You can’t stop people using these rather groovy devices, but you can prevent them connecting if they don’t have a secured OS, AV that’s not patched or it’s riddled with viruses.
It’s time to admit we lost the battle, but we still retain the ability to win the war. Onwards and upwards my friends!
PS And a big thank you to Matt Smith, Ben Fountain, Dave Sifleet and Bruce Thomson. Well done chaps, its a valuable thing you do, and as ever I’m 100% behind you