Originally Posted on Iron Bow Technologies Federal Blog, TechSource.
Authored by Prem Iyer, Information Security Practice Director
As with many new technologies the Chromebook is creating a surge of excitement among consumers. Users may be excited to get their hands on the new technology – but IT departments are dreading it.
With the demand of mobile devices growing, network administrators are faced with BYOD (bring your own device) to work; employees are accessing the network with their new mobile devices.
The Chromebook will be a similar phenomenon, causing administrators heartburn as they struggle with the loss of visibility and control needed to keep the network secure.
How should IT departments prepare?
Organizations have to have a plan in place to address employees’ use of mobile technologies, from smart phones to tablets and more, as they access sensitive data, government and corporate assets.
Ensuring that end users have access to enterprise assets while at the same time being confident that the connectivity to those devices as well as the devices themselves are protected is top-of-mind for IT security teams.
Before signing up for cloud based technologies specifically, there are several questions that need to be asked:
- How does the provider handle incident response?
- How much of their security architecture are they willing to share with you?
- What about multi-tenancy?
- Can you perform your own forensics if you choose, or will they do it?
- How do they handle web content filtering?
Ultimately, organizations need to be cognizant of what they are signing up for. These new cloud based technologies, such as the Chromebook, are increasing the stress for IT departments because they lose significant control of the organizational security posture when ‘outsourcing’ to the cloud.
To manage and secure other mobile devices that are not cloud-based, one strong security approach is to use a combination of virtualized desktops and device security.
This will enable the user population to gain access to assets they covet most, while allowing IT security teams to sleep at night knowing those endpoints are secure. In addition, this provides enterprise management of a multitude of devices, ensuring that important capabilities like remote wipe and lock, application self-provisioning, etc., are available for IT staff to use as necessary.