[Editor’s Note: This piece appeared as a sidebar to a longer feature that is entitled “The Digital Oilfield Has Arrived.” The material appears in the October 2014 issue of PBOG Magazine.]
The business of security is best handled with a holistic approach, according to Lance Tolar of Tolar Systems.
“This approach is better than focusing heavily on one area and foregoing other areas,” he said. “And by that we mean we would rather have a good BYOD [Bring Your Own Device] implementation, and a good wireless practice, and good remote access practice, than to focus heavily on one area and forget the others.
Lance Tolar, president, Tolar Systems Inc., Abilene, Texas.
“Here’s why BYOD is a major issue. Mobile computing devices have significant computing power and often operate outside of network policy rules. These devices revolve in/out of networks every day. Devices can carry malicious apps, vulnerabilities, or malware. Mobile devices are insecure endpoints connected to the world. If an unprotected, unauthorized computer can do it, a mobile device can do it too, and you’ll never know it.”
The infiltration can go straight to the heart of the organization because it’s behind the firewall, Tolar said.
“Let’s say I give my device to my junior high kid so he can play a game, and he downloads an extra for that game that has malware. Since my device likely does not have security software, I now have a compromised device that is right at the heart of the corporate network—it walks in the front door, executes its code, and walks right back out. It may have reported from inside your firewall. You never even knew it happened.”
“No one is monitoring what those [devices] do, and therefore, we [I.T. security professionals] are very insistent on isolating networks and infrastructure, so that we can provide people with access. People may bring their devices into our organization, but we want to isolate mobile or foreign devices from our desktops and our servers, so that systems are not affected maliciously.”
And that step, Tolar said, is actually very easily done. “Business owners would be surprised how easily and cost effective it is to isolate mobile devices. Most people would be astonished at how many networks and offices we consult with, where isolating mobile devices is the first thing that we do. Very few companies actually have gotten that far.”