Mobile work may endanger IT security, says Gartner

20 Aug 2007

Increased mobility and IT traffic poses an increased risk to a firm’s security, according to IT research and advisory firm Gartner

Robin Simpson, Gartner research director and co-chair of Gartner IT said at a recent Security Summit in Sydney that new rules are needed to allow enterprise IT assets and functions to coexist with employees’ personal digital assets.

Simpson stated; “You can’t hold back the changes being driven by your user population by force. You need to find a way to delineate between the business and personal computing worlds so they can work side-by-side and the boundary can be secured.”

He then highlighted some of the reasons that employees prefer to use their own PCs including the fact that user requirements are not “one size fits all”, travelling workers need personal data and connectivity while on the move, nobody carries two notebooks and full and part-time teleworking is increasing.

“Our research confirms that companies around the world are increasingly considering employee-owned devices to be formal business tools,” Simpson claimed.

A 2006 Gartner survey of medium-sized business in six countries found that 42 percent of organisations had policies or schemes allowing personally owned PCs to connect to the corporate network, and this figure was higher in the U.S. (51 percent) and UK (49 percent).

According to Gartner, businesses should prepare for employee-owned notebooks with a thorough review of security, compliance and application delivery architecture.

“By taking security precautions and investing in foundational security technologies now, enterprises can prepare themselves for increasing use of consumer devices, services and networks with their organisation, and manage these risks,” said Mr Simpson.

Many of these security tools, such as network access control (NAC), stronger authentication technologies, PC virtualisation and digital rights management (DRM), are being adopted by enterprises to manage other threats and can be configured for consumerisation threats.

Joe Griffin