Security minefield: 'Bring your own device' will bedevil IT security in 2012

The rapid adoption of the newest mobile devices -- especially the Apple iPhone and iPad and the Google Android-based equivalents -- will be a huge disruptive force in enterprise security next year. Not only will there be pressure to decide how to protect and manage these devices, which are growing as malware targets, the complexity of this task is magnified many times over because companies are allowing employees to use their own personal smartphones and tablets for business purposes -- what's sometime called "bring your own device" (BYOD).

And if that weren't enough, 2012 is likely to be the year when information-technology managers will be forced to come to grips with the security consequences of their own decisions to virtualize their networks, which has widely impacted servers and may also radically transform traditional desktop environments. But virtualization architectures are giving rise to the need for new types of security controls and options that must be weighed in the context of the network use. And decisions to link virtualized environments to cloud-based services also mean coming to grips with new security considerations.

MORE ON SECURITY: 2011's biggest security snafus

"One of the biggest challenges for companies is moving into the cloud space and virtualizing a lot of the products they use," says Lenin Aboagyue, principal security architect at Apollo Group, which owns and operates the University of Phoenix and other higher-education institutions where providing a wide array of high-bandwidth applications used for online learning is paramount.

Security controls such as data-loss prevention, anti-malware, encryption and intrusion-prevention shouldn't be forsaken in the quest to virtualize and link into cloud platforms, he says. In the hybrid virtualized environment Apollo Group is growing, Aboagyue says there's a need to constantly assess how security vendors or cloud services support virtualization-oriented security.

Meanwhile, the smartphone/tablet and BYOD trend is shaping up as an inescapable security challenge as known malware samples for the new generation of devices are now starting to pile up, especially for Android.

"Today there are over 500 pieces for Android alone," says Patrik Runald, senior manager for security research at Websense. "But next year there will be even more, thousands more." He notes that the Apple iOS platform, because of its design, appears more secure for now at least, but the basic problem of mobile-device management (MDM) -- and the BYOD issue -- has to be addressed. "How are you going to provision these?" Runald asks. "How would you lock down the phone?"

In the Ponemon Institute's recent "State of the Endpoint" study, a survey of 688 information and security managers, 17% said more than 75% of employees in their organizations already use their personal devices in the workplace, and 20% said more than half did. A quarter said they use MDM of some kind today and 45% indicated that would increase in the next 12 months.

Read more about wide area network in Network World's Wide Area Network section.