CSO: Locking your company’s back door

It’s a beautiful Sunday morning and you’re outside washing your car, soaking up some rays and looking forward to an afternoon on the links. Having successfully implemented various enterprise security policies, thoughts about corporate security are a million miles away. Then Freddie, your neighbour’s 16-year-old son, rumbles past your driveway on his skateboard and hollers, “Hey, dude! I see you’re into Ludacris and Jay-Z. Pretty cool for an old guy.”

Recovering from your moment of stunned silence, you vaguely remember seeing such bizarre names on a rap Web site that you stumbled onto when ‘Googling’ the night before. You wave Freddie over, and he admits to easily accessing your unsecured home wireless connection, checking out your most recently visited Web sites, and jumping to a wrong conclusion.

Suddenly corporate security is very much on your mind. You feel a nervous twitch coming on and you realize your golf game is doomed. A cloud covers the sun as you brood on the questionable value of your company’s substantial investment in security, in light of the fact that a sixteen-year-old with a C average found it ‘easy’ to break in and retrieve private and potentially business-impacting information.

In truth, Freddie probably doesn’t pose much of a threat to your business. But there are plenty of others out there who do. And that’s a problem for every CIO to consider.

As technology evolves, more and more people — including your organization’s top executives — are able to work from home, accessing corporate information and files that are usually secure within the physical office. But corporate firewalls, VPN, anti-virus, spyware detection and other corporate security controls don’t work if they aren’t mimicked at home.

While you likely have successfully evolved security programs to address the ever-changing regulatory landscape and mitigate breaches, back-door threats from unsecured home devices still remain a big problem.

Where do security efforts stop?

Some security policies include provisions for non-corporate assets, yet PricewaterhouseCoopers (PwC) research suggests that enforcement has been negligible. While this is changing as network access control capabilities are introduced into mainstream security, the fundamental question remains: what is the impact on the corporate environment when there is weak security within the residential community?

It’s typical to think that information security is an IT issue that can be solved using technical solutions. However, when looking at security breaches and their causes, it becomes clear that this is a far-reaching management issue, where organizational, procedural, behavioural (including private spaces) and technical solutions must be integrated.

Weak residential security has contributed to the security apathy many organizations experience today. Most executives assume there is no link between residential security and the corporate environment, and have not envisioned the potential impact of such a security breach. As our bricks-and-mortar facilities and perimeter firewall controls continue to decay in the wake of ubiquitous wireless access, traditional views of security fade as well. Public locations such as airports, trains, the local coffee shop and our homes have fast become the new security battleground. In the IT industry, we’ve known that wireless networks have been unprotected for over five years, and while progress has been made in the corporate arena, little has been made in the residential community.

A 2005 research study conducted in a Canadian city of about 100,000 people found that two-thirds of the households with wireless connections had no security measures in place. The statistical population profile of this city is akin to most in Canada, so we can assume that the results would be similar across the country.

Consider the impact that a mass virus, spam or worm infection in the residential community could have on the corporate environment. In many instances our personal home computers are the first line of defense for the corporation. Yet according to a Forrester Research study
