Consumers blow holes in corporate security

Analysts Gartner has warned firms to prepare for new security threats

Gartner has urged IT managers to prepare corporate systems for the avalanche of security threats about to be unleashed on the enterprise by new consumer technology, but suggested current security tools are not up to the job.

The research company highlighted the danger of web mail, instant messaging (IM), IP telephony, Blogs, social networks and other Web 2.0 services, unmanaged mobile devices and remote network connectivity as potential channels for information leakage and attacks from malicious software.

“Most organisations will find themselves unable to completely block these services for cultural, if not technical, reasons, but security options are available to limit the risk,” wrote Rich Mogull, research vice president for Gartner in a special report published yesterday [14th June].

“Current acceptable use policies often do not cover these areas, and traditional e-mail security, firewalls and URL filtering do not deal with them effectively.”

Mathew Lodge, Symantec EMEA director of product marketing, argued that Gartner may not have been aware of Symantec’s newly announced Endpoint Protection 11.0 solution, which is deliberately designed to address web mail and IM security loopholes by monitoring inbound and outbound traffic. But he conceded that URL filtering was more difficult to do.

“The challenge is that the attackers are always moving content around to different sites, and now they move more quickly because they know we are monitoring them,” he said. “We can absolutely lock down the corporate networks, but laptops are more difficult.”

Mogull advised IT managers to deploy network access control solutions wherever it was practicable to do so, deploy web security gateways to block inbound traffic and the use of unauthorised applications and configure CMF/DLP solutions to enforce security policy on software using the HTTP protocol.