Readers weigh in: Is the iPod a threat or a scapegoat?
By Cara Garretson, Network World, 04/18/07
The recent articles regarding iPod as a corporate security threat and where responsibility for securing the device lies have stimulated much debate on Network World’s Web pages.
Many readers felt we were unfairly singling out the iPod as a security threat, noting that any MP3 player – not to mention USB drives and any other type of removable media – can be used to copy sensitive corporate data without authorization. Yet the fact that Apple has sold more than 100 million iPods separates this product from other MP3 players because of its popularity. What separates iPods from other removable media such as thumb drives is their intent; iPods were designed primarily to play music and videos, while other devices were clearly designed for file transfer. Pointing out their potential for unsuspected misuse, we believe, is doing a service for IT managers.
Here are some samplings from posts that say singling out the iPod as a security threat is unjustified:
The iPod is the threat? How many companies let their employees walk out the door with a laptop? How many let employees visit SSL-secured Web sites? These are equally possible avenues of data theft.
---
This is clearly the case of a solution looking for a problem. The spectre of all those iPods out there is supposed to strike fear into the hearts of IT managers and loosen corporate purse strings. The most typical "IT Ignoramus" employee is someone like a clerk, order entry person, low-level bureaucrat, etc. without direct electronic access to sensitive information anyway. I can't imagine a non-defense related company giving middle/upper managers, sales people, engineers, etc. that have access to sensitive data "locked down" PCs, so they can't share information while on the road, or even e-mail pictures of their last vacation to a co-worker.
---
iPods have been around since 2001. USB flash drives have been around even longer. Removable media devices don't steal data, people do. An endpoint security solution is only one part of the component. If you have untrustworthy employees then no software, hardware, "network nazi," or other mechanism will keep them from stealing data, any more than I can keep people from stealing my stapler.
Other readers felt the stories made a moot point in that every organization should already be monitoring which devices employees attach to their corporate PCs and notebooks, and blocking data transfer accordingly:
People with laptops are usually entrusted with those devices...they sign IT policies or their systems are locked down to prevent them from extracting data. This does not mean that you let your entire network also be another unsecure security hole! Whether it's an iPod or a damn USB flash disk or even a digital camera... you lock them down altogether.
---
Our laptops and PCs are locked down tight and if the end user requires "admin" access we remotely take care of the problem if they're on the road. Should they require data to share, we take care of it before they leave. Also, low-level employees will come across sensitive material all the time through internal e-mail or other means, most especially "clerks". Your level of security all depends on your organization and the cooperation of the upper management.
---
I work at a company which is either the biggest or nearly biggest company on Earth (depends on your measure). We disabled the USB ports a few years ago, and IT only re-enable them with lots of justification. Why would any company not do this? It's not hard, enforces company IT security policies and should be part of any security strategy. Corporate documents can walk out the door either through printed copies, e-mails, USB mass storage devices, burned CDs or even hard drives being literally lifted out of a machine. Any company not locking down all of these options shouldn't try to shift the blame, and journalists shouldn't confuse the issue either.
---
At truly secure work sites, such as the Y12 or Los Alamos weapon labs, no employee or visitor is allowed to bring onto site any device that can be used to copy classified documents: no cell phones, no iPods, no PDAs, etc. Of course, these actions are only as effective as the discipline of the facility. But companies can, and should, take responsibility for securing their data. I cannot think of any way that Apple could lock down the iPod without them depriving all users of functionality, whether legitimate or illegitimate.
There were also comments regarding whether corporations should ban iPods from the workplace:
Sheesh...What ever happened to trust between an employee and the employer? If my company told me that I could no longer have my iPod in with me at work, I'd leave it in my car. If they began to tell me that I couldn't even have one on the grounds, I'd think it was time to look for other employment. It's coming around again to be an employee's market. Be careful about how you treat those who do the actual work for your company.
---
Almost all MP3 players have the capability to act as a repository for copying and removing data, not just iPods from Apple. The question really is how do we as managers of corporate technology address the possession of devices of this sort and more importantly end point security? And then at what level of the organization? For us, all plant supervisory and lower staff are not allowed to have any device of this type, that's policy. Also we monitor for the connection of a removable media device to terminals or PCs. But with cell phones, media players and flash drives, how do you stop it without using some sort of end point control? You can't.
---
I'd also suggest a ban on briefcases and other bags of a certain size in the work place. They can not only be used to smuggle sensitive documents from the workplace, but they could smuggle in weapons and explosives.
---
We also asked readers to take two polls on the topic. To the first question, “Does your organization have any security rules regarding iPod use at work?,” 8% of the 48 respondents said yes, 90% said no, and 2% didn’t know. To the second question, “Should Apple bear some responsibility to add security to iPods?,” 88% of the 60 respondents said no, while the remainder said yes.
The entire collection of postings and poll results can be found here. Feel free to add your two cents.
© Copyright 2007 Network World Inc.