
John Walker

Job title:
CEO, Secure Bastion LTD

Areas of expertise:
Professor John Walker: FBCS CITP CISM CRISC ITPC

Biography:
CEO of Secure-Bastion Ltd, Practicing Expert Witness, Visiting Professor Nottingham Trent University. Fellow of the BCS, & hold CITP (BCS), CISM CRISC (ISACA), UK Government ITPC. Chair of the London ISACA Chapter Security Advisory Group (SAG), ENISA CEI Listed Expert, & Editorial Board Member of CSRI.


On the first day of Christmas my true love gave to me – An iPad2…

On the second day, I got a Digital Camera, the third came in with a SmartPhone, the fourth, a High Capacity Drive, and the fifth . . . . I guess you have got the picture. It’s that time of year again when Santa will be visiting all the boys and girls to empty his sleigh. So to get us all in the festive mood, this is the first blog, of a set of four, all aimed at this season of good will.

When it comes to us grownups, we like nothing more than toys from the online technology store. Here, some of us can be just as bad as the kids, getting excited about receiving the latest and greatest gadgets, fads, and other fun stocking fillers. In fact I will admit my own favourite was a USB missile launcher, which could be controlled from my laptop, aimed, and fired at whatever selected target I chose – just how funky and useful is that?

But on the serious note of ‘Seasonal-Insecurity’, it is in the hangover of Christmas that we may start to encounter the 2012 Security Challenge! First of all, as most companies that run I/O device monitoring solutions will be aware, it is in the early days back at work after New Year that the auditing software starts to get busy, reporting a range of new ‘unknown’ devices being plugged directly into the USB ports of corporate assets. The deployed security policies will then determine our users’ local personal experience with their new device or, to put it another way, the corporate exposure to the potential of Seasonal-Insecurity.

OK, let’s just suppose that when it comes to security, we are trusting, and so long as it doesn’t hit the bottom line of productivity, we are relatively easy about what our users will attach. However, let’s consider the implications of such kindness, or to be a little more brutal, lax security. Take our average iPad2 user. Machine up and running, great for doing a bit of company business, but nevertheless, notwithstanding having purchased the big fat 64GB version, there is still a need to accommodate more storage space – No problem, enter the iCloud, or maybe Google, or SkyDrive, or all of them, representing in-the-cloud, free-n-easy storage solutions. Here lies the first potential security challenge, for if our user has decided to do some extra stuff on this new shiny toy, it could just be that, in the name of productivity, you find some of that corporate data spread all over the clouds – and if this has still not convinced you that this could be a tad dangerous, Mr DPA and Mrs PCI may not fully agree, if such information assets relate either to personal data or to credit cards.

Consider the fact that our out-of-band, personally owned ‘tool’ could also be used to satisfy a series of end-user desires. It could just be that this machine is hosting objects with which the business would not, under normal circumstances, wish to be associated. Or maybe the owner of this new ‘tool’ has been visiting some dark-and-shady sites where he/she may have picked up some electronically-transmitted-disease in the form of malware, a rootkit, or some other malevolent incursion. Do we really want this untrusted system to attach to our internal interconnected business space?

And then there are all the other opportunities that may bring the year in with an unwelcome bang. Consider the other co-hosted on-board protocols which arrive with a number of devices in the form of promiscuous Bluetooth and 802.x WiFi, which, depending on your physical proximity to, and space shared with, other business or residential neighbours, could present the opportunity for some untrusted, unauthorised user to connect into this logical advertising space. And then of course we have the prospect of some SmartPhone being plugged in to the workstation just to steal a quick charge, only to be hosting a cross-platform, cross-operating system piece of malicious code.

So, yes, I know it’s the season of good will to all, and I fully agree that it can pay dividends to be nice, and turn that ‘I see no ships’ eye away from the issue. But with the recent spate of Cyber Incursions, Hackers, and Serious and Organised Crime setting their New Year Business Plan running to maximise their revenue, could such kindness be misplaced? And think about the tide of viral code, malware, and other such nasty pieces of work spreading to a trusted computer near you. The question is, is it really worth it?

I have no doubt that some readers will consider me to be verging on paranoid, and will dismiss all of the aforementioned observations, and throw caution into the face of the wind. Having said that, I also have no doubt that, ‘some’ of those very same readers will be wishing they had listened to such unwelcome advice when it’s too late - Happy Christmas.

Posted 01/12/2011 by John Walker

Tagged under: Rootkit, Malware, Virus, USB, iPad2, I/O, SmartPhone
