Have you ever taken a personal device to work and connected it to the work network? Maybe you connected to the Wi-Fi with a mobile device. Perhaps you brought in a personal laptop and plugged into an open port to connect to the internet. These may seem like harmless activities, and some companies even allow non-corporate devices on their guest network as a way to enable visitors to operate in their environment. In shared office environments, open networks are seen as business enablers. However, this communal networking approach is a security nightmare.

It is easy to shrug off any concern, citing network segmentation and other technologies to protect the corporate systems from visitor traffic, but as described in the past, achieving network segmentation is a separate challenge, and something as simple as a device misconfiguration can introduce security gaps. 

When analyzed from a risk perspective, a security gap is as likely for a small organization as it is for a large one. A small company is at high risk because it lacks the staff required to achieve the appropriate level of security. A large organization may have adequate staffing, but the sprawl of such a large footprint can easily lead to overlooked areas.

What Is Comply-to-Connect (C2C)?

Now, one of the largest organizations in the world has taken steps to “combat” the problem of rogue devices on the network. The United States Department of Defense (DoD), which has a roster of nearly three million members, has implemented the “Comply-to-Connect (C2C)” program. 

According to the Defense Information Systems Agency (DISA) fact sheet, the purpose of the program is to “establish a framework of tools and technologies operating throughout the network infrastructure that discover, identify, characterize, and report on all devices connecting to the ...