Security

The Dangers of Mobile Management for You, the User

The subject of personally-owned mobile devices like tablets and smartphones being used on the corporate network is a hot one. I posted about it here, but it's a much wider issue than I covered in that piece. Many companies are concerned about the proliferation of personally-owned devices showing up in the workplace and are now in the process of developing and deploying mobile device policies and technologies to help enforce them.

Most of what's been written to date has been focused on the issue from the company's perspective, or from the perspective of an IT manager. However, I think it's about time that someone went to bat for the end users who own and operate these devices. Since I fall into both categories, I figure I'm qualified.

Deciding to start using a personally-owned mobile device or computer for work purposes or on the corporate network can have some consequences that you've probably never thought about. For instance, let's assume that you carry your Apple iPhone with you to the office and that you attach to a corporate 802.11 wireless network to access the Internet. At my company we have a separate "guest" network for connectivity of this type.

Have you ever considered that even though you are attaching to a "guest" network, you're still attaching to a company-owned network and all of your activities may be monitored?

I didn't think so. Many of us use personal smartphones to manage our company email but keep a separate email account (think Gmail or Yahoo) for doing personal activities -- like job hunting for instance. I wonder how many of us realize that by doing this while attached to a corporate network we've relinquished our right to privacy. It's an easy trap to fall into because we're used to using these devices for private activities while at home and so it feels natural to keep doing it while at the office.

One of my fellow Computerworld bloggers, Barbara Krasnoff, touched on some of these concerns in her recent post. As she mentions, in some cases your company may require that you encrypt all of the data on your mobile device in order to use it at work. This can make backing up and restoring your data difficult and in some cases impossible. If you ever do decide to switch jobs, your company may also require that you allow them to erase all of the data on your mobile device -- not just company data -- but all of the data. Now, if your backups are encrypted as Barbara points out, well, you're up a well known creek my friend and a paddle you have not.

You don't have to take your computing devices into the office to attach them to the corporate network. Many companies allow users to connect via VPN from personally owned devices. Once you've done this, you might as well be in the office as far as privacy is concerned. Not only that, but if you're using a computer at home and you connect it to the corporate network, then that computer could be subject to interrogation by the company. Just imagine you're talking to a corporate attorney at some point in the future and you're asked "have you ever used personal computers at home for work-related activities?" If the answer is "yes," then your personal computers and your personal data could be at risk.

To bring this full circle, geeks like me -- network engineers, system administrators, and the like -- are usually some of the worst offenders as our personal toys are a lot faster and cooler than the ones that the company provides, and we can allow ourselves access from whatever devices we want. This is all fine and dandy until something goes wrong and suddenly we're subject to the same consequences as an average user.

I'm not suggesting that we all start carrying around three cell phones like many of my friends in the military do -- but if you decide to start using your own devices for work you need to realize that you're giving up a few things that you may at some point wish you had back.

Have an opinion about personal computing devices and/or mobile devices in the workplace? Know any good horror stories about folks getting burned by using personal devices at work? Post a comment and tell us about it!

Flame on...
Josh
Follow me on Twitter

Josh Stephens is Head Geek and VP of Technology at SolarWinds, an IT management software company based in Austin, Texas. He shares network management best practices on SolarWinds’ GeekSpeak and thwack. Follow Josh on Twitter @sw_headgeek and SolarWinds @solarwinds_inc.

Subscribe to the Security Watch Newsletter

Comments