Network Discovery and the Problem of Unmanaged IT Assests
Neil MacDonald had an interesting post over at Gartner’s blog about unmanaged SharePoint servers. He estimates in a recent research note (subscription required) that 30% of SharePoint servers are essentially unmanaged by IT, which raises the kinds of security problems we’ve been talking about for a long time: it’s impossible to ensure that these unmanaged assets conform to security policy, opening up the possibility of network leaks and vulnerabilities that cyber criminals can exploit to enter the network. Plus, all of these ad hoc deployments are likely to be inefficient and redundant, which is a problem that becomes much more pressing in a challenging economy (to say the least).
And the problem of unmanaged assets is just getting worse as virtually every electronic device in the office acquires an IP address. It’s all too easy for these devices to hook up to the network, unbeknownst to IT. And it’s not just phones and printers. Fortune Magazine, for example, had a story yesterday on Fugoo that unveiled technology that it hopes appliance makers will adopt to connect such mundane items as a coffeemaker and a dishwasher to the network.
While it’s unlikely that a hacker could break into a network through an IP-enabled coffee maker, these devices still present security problems. For instance, what’s to prevent that coffee maker from shipping with malware pre-installed into its hardware so that, once connected to a network, it distributes them behind the firewall. It’s not out of the question. Last year, for instance, English consumers reported that digital photo frames they had received as gifts attempted to transfer malware to their computers after they connected the frame in order to upload images. The malware turned out to be a particularly nasty Trojan horse called Mocmex. In 2007, Seagate shipped hard drives that had a Windows-based password-stealing Trojan horse pre-installed. The virus apparently originated on disk drives that had been shipped from a factory in China whose manufacturing facility had been infected. And in 2006, the Rjump Windows computer virus snuck onto a small number of Apple’s iPods during manufacture.
The point is that unmanaged network assets are a huge security problem that’s just going to get worse.
Tags: Data Security, Gartner, Infrastructure, linkedin, Sharepoint Servers, Unmanaged Assets, Unmanaged Connections