Always-Listening IoT Devices Raise Security Policy Questions For the Workplace

wiredmikey writes: Rafal Los raises an interesting point about new Internet of Things (IoT) devices that may be coming into the office after Christmas, and the possible security risks associated. He uses an example of the Amazon Echo which is "always listening" and raises the question of how welcome it would be in an office where confidential and highly sensitive conversations are frequent. "How many things are showing up at the office this week that are an always-on conduit to your network from some external third party you really shouldn't be trusting? Watches, streaming media widgets, phones, tablets and a whole host of other things are likely making their way into the office right now. You probably have a BYOD policy, but do you have an IoT policy? BYOD policies are meant to address your mobile handsets, tablets and personal laptops, but who's addressing all the other gadgetry?"

BYOD Only network

[The-Ixian]

We have a byod wifi network for any non-approved wireless devices.

The network is completely separate from the LAN and normal WIFI network and is subject to some bandwidth throttling.

A user can plug in a device to the network, but I do monitor the DHCP logs. This hasn't been a real problem since we gave the users a sandbox to play in though.