It's not your father's VPN anymore. Back in the olden days of computing, you were either on the network or you weren't. Now endpoints are more porous, and getting on a virtual private network doesn't mean that you're protected. When you have a lot of iPads and other tablets that can morph into app-strewn malware carriers with just a few clicks, just how effective a security perimeter will this really be? How safe is your company's VPN? Tell us by posting a comment below. Not a great one. Bringing your own device often translates into bringing your own malware onto the company network. And while your IT department has well-crafted policies for running anti-virus and other checks on typical desktops, that might not be enough any more, especially when it comes to VPNs, which provide a very false sense of security. Having an "app store" model for mobile devices is great for end users. They can find and install something in a matter of seconds and be off and running. But how do you know if the app is what it says it is? You don't. Do you know if you have connected to a legit app store and if all its apps are screened? Even Apple's App Store occasionally lets badly formed apps slip through, despite a lengthy and involved vetting process. And they're usually seen as being the most stringent. So what's the alternative? A number of companies are setting up protected WiFi networks that operate outside the corporate firewall -- a DMZ of sorts. This way someone running bad apps will only infect others in this zone and not mess with the corporate crown jewels. Or maybe users can't download anything in this zone and have limited network access and rights. Most of the major WiFi players have equipment that support this mode of operations. All this should be a motivation toward having some form of data leak protection and intrusion protection products on your network. You want to use the former to make sure that no one is downloading your entire customer database, or even a small subset of it. The latter can be used to stop infections quickly, as long as you have the staff and skills to operate them and understand when they issue the appropriate warnings.
Related Articles
-
How Security Pros Protect Themselves Online
When security experts head online, how does their behavior differ from that of non-experts? According to a new research paper from a group of Google research scientists and engineers (itself based on two survey… -
Introducing the Dice Security Talent Community
Our new Security Talent Community is online, with David Strom as your guide. David calls himself "an old security hand" in enterprise IT, and has created a number of print and online publications for IT manager… -
Network Security Engineer Skills: What You Need to Know
The role of a network security engineer requires a comprehensive skill set to effectively protect an organization's digital assets and ensure network integrity, including a solid understanding of cybersecurity…