Log in

View Full Version : The Risks Of Rogue Technology


Ed Hansberry
05-03-2004, 11:00 AM
<a href="http://www.cfo.com/Article?article=11699">http://www.cfo.com/Article?article=11699</a><br /><br />"People will try all sort of things to wring more productivity from fewer IT dollars, but nonstandardized, ''rogue'' technology has many hidden costs. Here's how not to get stuck with more than you bargained for...Seemingly innocuous PDAs can enable unauthorized wireless access, too. "A lot of these new pocket PCs have built-in wireless, and it seems reasonable that if you're floating around at Starbucks with one of these with no firewall, it's just a matter of time before some mastermind figures out a way to hack it," says Galen Schreck, a Forrester research analyst. "We haven't seen any pocket PC viruses yet, but they're inevitable. Besides, there's always the risk of losing it, which is lot harder to do with a laptop. Meanwhile, you've got 64 megabytes of RAM in there that may contain sensitive company information."<br /><br />I don't know about you, but my first PDA was a personal purchase, brought in through the back door of my company. There was no WiFi back then, but I used the modem to RAS into the network and remotely ActiveSync - actually it was called Windows CE Services back then - and eventually got a Compact Flash Ethernet card. I had to spend a bit of time with one of the guys in IT getting him comfortable with the technology.<br /><br />Now that I am responsible for the IT at my company, I have to watch out for what people bring in - everything from hardware to software that is downloaded onto their laptops. If you are the one bringing in rogue technology, you should give this a read to see why your IT department is afraid of you doing that. If you are in IT, you should give this a read to see why you should be careful, but not draconian, about what you allow your users to use beyond the basic company standards.

kzemach
05-03-2004, 12:20 PM
Haven't had the time to read the article yet, but did want to add a point to it. On a business trip in Seattle, I was on my way back to the airport. I stopped at a gas station, filled up, then went inside to pay because the credit card thing wasn't working. The cashier did take an anomalously long time to ring up my card... although perhaps I'm being paranoid. When I got back to my rental car, everything seemed fine. Got to the airport, hefted my briefcase and... it was too light. While I was at the station, someone had literally opened the passenger door and lifted my laptop.

This experience REALLY made me want to get rid of my laptop for business trips. Sure, I want the full version of MS Word and Excel and a big screen and whatnot at my desk, but all the CRAP I have to carry around with my laptop is a pain in the *ss. If it'd all been in a PDA (which it could have been, presentation, notes, and contacts was all I needed) then it would have been in my pocket! Luckily, I'd backed up two days prior....

The author notes that PDAs can get lost, but I note that laptops are probably higher value targets for theft. Which is why I JUST bought that iMate PPC phone and the folding keyboard. Also got the CF sleeve which has a projector hookup built in. When the BT version of the FrogPad (www.frogpad.com) comes out I'll upgrade to that. Can't wait to shed my laptop for 85% of the trips I take. Longer lasting power, integrated comms, slips in my pocket, doubles as MP3 player, add the 1GB SD card and I'm off and running.

I do agree about the rogue technology issues. But this is a training issue, not a technology issue. How many times have I heard someone cry when their laptop crashes or gets stolen or just dies (even at work) and they didn't backup recently! Perhaps company secrets aren't exposed, but company productivity went in the toilet. Again, it's a training issue. All these things need to be integrated by IT depts in a holistic training program to help employees with ALL aspects of IT security and efficiency.

Bill Gunn
05-03-2004, 03:11 PM
Unfortunately, the average IT department in corporate America is three to five years behind the technology curve. I work with some very big corporations who are still using NT 4 and who won't let a Pocket PC in the building. When employees can go to WalMart and buy better technology for their home than they have at the office, they quickly lose respect for the IT "experts."

Howard2k
05-03-2004, 03:30 PM
Wifi is a great example.

Time and time again it's been said "Either you give your employees wireless in a fashion that you can secure and control, or they'll just do it themselves".

My company does not provide wifi so I have deployed some stealth wifi/bt for syncing.
And I'm not the only one.

Mine is secure but others may not be.

notesguy88
05-03-2004, 04:05 PM
Unfortunately, the average IT department in corporate America is three to five years behind the technology curve. I work with some very big corporations who are still using NT 4 and who won't let a Pocket PC in the building. When employees can go to WalMart and buy better technology for their home than they have at the office, they quickly lose respect for the IT "experts."

I work for IT in my company and as you said, we're behind in the technology curve at work. Like you, I have better technology at home! But before you lose respect for the IT "experts," keep in mind that we in IT are "shacked" but the bean counters. Over the last year I've tried to introduce new technology and even some technology that aren't new but will allow us to catch up a bit in the "technology" curve. However, the reply that I get from the business is that we have "NO BUDGET" and the projects are rejected.

bdegroodt
05-03-2004, 04:10 PM
In IT's defense, it's not always an issue of being "behind the curve." Often it's a security and migration issue that has to be mitigated in order to keep the enterprise healthy. Not many products/services/software come on the market fully prepared to be adopted by enterprises with a need to maintain system integrity.

That said, I too have a few rogue secrets of my own...due to IT being "behind the curve."

notesguy88
05-03-2004, 04:16 PM
In IT's defense, it's not always an issue of being "behind the curve." Often it's a security and migration issue that has to be mitigated in order to keep the enterprise healthy. Not many products/services/software come on the market fully prepared to be adopted by enterprises with a need to maintain system integrity.

That said, I too have a few rogue secrets of my own...due to IT being "behind the curve."

That's true too! Heck, as I said I'm in IT... and I have my own rogue secrets too. hahaha

Tricia
05-03-2004, 04:35 PM
its too bad that its so much work to keep up with all the stuff people need to do to make their gadgets secure. like wifi and all that. i mean im sure most people dont intentionally cause problems. most people.

bjornkeizers
05-03-2004, 08:49 PM
I can definitely understand IT lagging behind the curve. Imagine having to justify your entire budget to a bunch of sharks in suits from beancounter central - They'd rather fire your entire department and go back to the abacus if they could help it. There certainly aren't any funds for new and experimental technology like PDA's....

And let's assume you find a likeminded spirit in beancounter central - now comes the jolly fun task of rolling out the new kit to the users. Do you really want to train a hundred people on the use of a PDA or the differences between ad-hoc and infrastructure WiFi? I sure wouldn't.

Bill Gunn
05-03-2004, 10:16 PM
I can definitely understand IT lagging behind the curve. .....
Do you really want to train a hundred people on the use of a PDA or the differences between ad-hoc and infrastructure WiFi? I sure wouldn't.

No. Just the six people who really need it. That is exactly how IT types think though, in all-or-none terms. Often because they are only interested in high profile projects.

Dave Beauvais
05-04-2004, 03:54 AM
A couple months ago we did a room-by-room walkthrough to reconcile our computer inventory and found one rogue wireless access point attached to the network inside the firewall. We shut off the port it was connected to and explained the situation to the user. He told us that he set it up because he needed to get on the 'net with his laptop and didn't want to bother us with a request to activate the other port in his office. Whether that's the real reason or not, we don't know. :) We didn't leave it active long enough to check to see if it had any security features enabled or not. I suspect not.

bjornkeizers
05-04-2004, 12:37 PM
I can definitely understand IT lagging behind the curve. .....
Do you really want to train a hundred people on the use of a PDA or the differences between ad-hoc and infrastructure WiFi? I sure wouldn't.

No. Just the six people who really need it. That is exactly how IT types think though, in all-or-none terms. Often because they are only interested in high profile projects.

Well, that was just an example :-) Admittedly, you wouldn't train the users on that, but let's say that you're rolling out PDA's for an entire department - that'd take a lot of training and support. Why complicate your own job?