Unsecured devices worry IT professionals

By Eileen Kennedy, News Writer 26 Sep 2006 | SearchWinIT.com

Digg This!     StumbleUpon     Del.icio.us

There are a lot of things IT people must focus on to make networks secure. At the same time, they must allow businesses and organizations to focus on their overall mission.

Lamenting their challenges, many network admins and IT managers offered up their security worries and successes at the IDC Security Forum in New York City last week.

For some administrators, the issues that top their security to-do list include insisting that executive BlackBerrys are password-protected and making sure the devices stay uncontaminated from viruses, worms or worse.

Audrey Pantas, Xerox Corp.'s chief information security officer, insisted repeatedly that executives at her company secure their BlackBerrys with passwords. In the end, she won her case, but not without a lot of resistance.

Pantas illustrated her point with this anecdote. While on a trip, she found a BlackBerry on the road near a parking spot and saw that it was unsecured. She was able to find the owner's contact information, and discovered that the woman was an executive with a large company. "She told me 'thanks, this thing has my whole life in it,'" said Pantas. "I told her 'you're I am the lucky it was me who found it, and you need to put a password on there right now.'"

Of course, not all her department's concerns are so easily addressed. It will be switching to smart cards in the next year, which will act as a computer sign-on mechanism.

Others at the forum said their problem is keeping the desktop clear of third-party devices that people bring to work, such as MP3 players or adding an EVOD card to the company-issued laptop so they can tap into a wireless network no matter where they are.

"It's really about user education," said Bob Blythe, World Wrestling Entertainment Inc.'s director of information technology. "If you talk with [users] one on one, they're usually pretty good about [clutter]." The WWE has about 500 seats.

Joanne Kossuth, chief information officer and associate vice president of development at Franklin W. Olin College of Engineering in Needham, Mass., has a fully converged network, which she helped design. The school is fairly young, with its first graduating class graduating this past spring.

Providing a network that allows faculty and students to collaborate with each other, as well as those in other universities, is a lot of work. The students and faculty demand a lot of openness in such a system, but the IT department must always think of the security issues involved and communicate those concerns well to staff and students.

Andrew Baker, Warner Music Group's director of network services and security, spends a lot of his time educating others in the company about the need for security. IT managers may be weighing several projects, so it's imperative that they understand its importance, he said.

In New Haven, Conn., Tom Keogh, The United Illuminating Co.'s information consultant, has his plate full with his usual compliance work. The utility is a publicly traded company but on cyber-security standards that are being imposed on public utilities. And there is an upcoming round of new computers and software, which Keogh said will not be Microsoft's Vista.

Perhaps the biggest challenge for all IT network security professionals is keeping their networks safe while providing employees with remote access through devices that help them remain productive.

"The days of locking down all the desktops, having no extended networks and no computers leaving the building are over," Pantas said. "You're never going to close all the risk. You just have to be realistic about the risks you take."

This article originally appeared on SearchWinIT.com.

Tags: Industry,  Mobile Devices,  Microsoft Exchange Server Password Management,  Spam and virus protection,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Industry Microsoft drops free migration tool for Exchange 2010 Microsoft reverses support plan for Exchange 2007 on Windows Server 2008 R2 Virtualize Exchange Server 2007 -- without losing your job Exchange Server 2007 SP2 adds auditing, backup Avoid these Exchange Server migration pitfalls Microsoft readies Exchange Server 2010 release candidate Virtualizing Exchange Server 2007 -- Where it works Microsoft updates Exchange Server 2007 SP1 Microsoft fortifies Exchange Server with archiving Microsoft shifts some Exchange support to callback Mobile Devices Top 5 Exchange ActiveSync tips Windows Mobile 6.5 touts Internet Explorer, OWA improvements Windows Mobile 6.5 touts ActiveSync and Outlook Mobile improvements What are your options for sending text messages from Outlook 2007? Using Mobile Device Manager 2008 server roles in Exchange 2007 Understanding Exchange Server 2007 SP1 mobile security settings Synchronized Exchange mobile device showing deleted appointment Which ActiveSync authentication method is best for your mobile device? Disable ActiveSync in bulk with Exchange Management Shell commands Configuring ActiveSync authentication in Exchange Server 2007 Exchange Server Security OWA 'Loading' problems with Internet Explorer security zones New Exchange Server tools named as Products of the Year Beware of bare linefeeds in Exchange Server email Top 10 Exchange Server administration tips of 2006 Enabling protocol logging for Exchange Server Eliminate annoying Microsoft Outlook security warnings with ClickYes Pro Forefront beta secures SharePoint collaboration Dell, Symantec simplify Secure Exchange for SMBs Tutorial: How to determine which ports Exchange Server is using Dell and Symantec bundle hardware, security Exchange Server Security Research

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary