The personal hotspot, or MiFi, makes it a snap to connect to the Internet at near landline speeds, which is why it's public enemy No. 1 in some corporate IT departments. Fighting it, however, is a losing battle.
The MiFi allows end users to roll their own Internet connection, and it leaves the IT department, the long-held gatekeeper of the Internet, with tire tracks on its back. Users who have long been resentful of draconian web filtering practices and poor Internet performance can now use personal hotspots to give themselves and their cubicle neighbors unfettered access.
Embracing personal hotspot use
IT sees the danger of personal MiFi use, and rightly so. When users bring their own Internet connectivity, they bypass all the complex Internet filters and firewalls that come with the corporate Internet setup. Personal hotspot use makes the corporate LAN as insecure as any other public Wi-Fi connection, because would-be attackers can use these hotspots to get inside the fence of the trusted network.
To combat these risks, some IT departments take a search-and-destroy tack, attempting to detect rogue MiFi access points with specialized monitoring tools. Some even resort to jamming the radio frequencies that unauthorized devices use. But most IT departments lack the resources to effectively stop MiFi and personal hotspot use. Today's workers are mobile by nature, and many employees use whatever Internet connection is available to them to get work done. In most cases, employees are simply trying to be productive, not malicious.
Instead of taking on a fruitless, scorched-earth campaign to control the proliferation of personal hotspots, IT's network and security strategies should embrace bring your own Internet and its cousin, bring your own device. In the consumerization age, the office LAN needs to be redesigned as an untrusted network.
If it's company policy to use Web filters, IT can run PCs through existing Internet filters no matter where the employee or device is. Transparent, always-on Secure Sockets Layer virtual private networks can keep mobile devices tethered to the corporate network, and therefore to corporate policies. Free and low-cost options such as OpenDNS are also mobile-friendly. Filtering the domain name system (DNS) requests through a cloud-based server frees IT from managing the infrastructure, without sacrificing IT's centralized control and administration of a Web content policy.
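As an added illustration of keeping DNS filtering in force wherever the device connects (not part of the original article): a small audit that reads a resolv.conf-style resolver list and reports whether lookups still go to the filtering service. The two addresses are OpenDNS's public resolvers; the function name, status labels and sample files are assumptions constructed for this example.

```python
import ipaddress

# OpenDNS public resolvers; substitute your filtering provider's addresses.
APPROVED = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}

# Constructed sample resolver files (not captured from real devices).
OFFICE = "nameserver 208.67.222.222\nnameserver 208.67.220.220\n"
HOTSPOT = "# set by DHCP on the hotspot\nnameserver 192.168.1.1\nnameserver 208.67.222.222\n"
STUB = "nameserver 127.0.0.53\noptions edns0\n"


def audit_resolvers(resolv_conf_text, approved=APPROVED):
    """Classify a resolv.conf-style text.

    Returns (status, offending_addresses) where status is:
      "filtered"      every nameserver is an approved filtering resolver
      "bypass"        at least one nameserver sends lookups elsewhere
      "indeterminate" only a local stub is listed, so the upstream is hidden
      "none"          no usable nameserver line was found
    """
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0]  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Strip an IPv6 zone id such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # malformed address: ignore the line
    if not servers:
        return "none", []
    outside = [s for s in servers if s not in approved]
    if not outside:
        return "filtered", []
    remote = [str(s) for s in outside if not s.is_loopback]
    if remote:
        return "bypass", remote
    return "indeterminate", [str(s) for s in outside]


if __name__ == "__main__":
    for name, text in (("office", OFFICE), ("hotspot", HOTSPOT), ("stub", STUB)):
        print(name, audit_resolvers(text))
```

An "indeterminate" result means the check has to continue at the local stub resolver's own upstream configuration.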
Admins have to realize that Internet filtering is imperfect. With the information gleaned from a simple Google search, today's increasingly tech-savvy employees can bypass those filters.
Depending on business needs, consider taking a non-technical, pragmatic approach to personal hotspot use. Educate users on company policies and teach them best practices for safe Internet use. This requires the business to trust its employees and enforce policies when abuse occurs.
Personal hotspot security risks
Another valid IT concern when users have more liberal access to the Internet is the increased threat of malware and viruses. If IT doesn't restrict access, users are in jeopardy of going to the wrong site or clicking on a phishing link in an email. Traditional antivirus technology comes nowhere near 100% detection or proactive protection. Threats are usually a step ahead of the available software.
Products are emerging that address malware and other threats in new ways. Bromium's vSentry, for example, encapsulates Windows processes using micro-virtualization, keeping processes isolated from one another. When malware activates, this process-level hypervisor stops it from infecting other system resources.
The personal hotspot and its brethren bring employees extraordinary flexibility to work wherever they choose. Instead of playing a costly, time-consuming and largely futile cat-and-mouse game, businesses should focus on getting the most value from these devices while still maintaining important policies and protecting the corporate data from menaces.