Protecting the wireless enterprise: security risks and concerns for laptops and mobile devices
Sep 10, 2002 – By Doug Neal, CEO, Mobile Automation
With the recent proliferation of mobile devices, IT managers are faced with a
host of new security worries. Microsoft estimates that every user carries 2.3
devices (a laptop, two handheld devices and a mobile phone), all carrying some
amount of corporate data and frequently connecting back to the corporate
network. IDC estimates that more than 35 percent of an organization is made
up of mobile workers. Organizations with this situation are at risk of
several security threats, including interception, infection, and theft and
loss.
Mobile Device Security Vulnerabilities:
Most mobile devices connect over the Internet, which is not secure. Data is
transmitted by default, most Web sites are not secured, and most e-mail
traffic is not encrypted, leaving ample opportunity for interception of
information. Devices usually connect to the Internet through a local point of
presence (POP), which exists somewhere on the Internet and is local to the
user performing the connection. Once that connection is performed, the
communication is passed on to several other networks until it finally reaches
the corporate network.
Mobile devices are also vulnerable to infection. Users can open email on a
mobile device and either activate a virus, or accidentally store the virus on
their device, which may later infect the corporation. This "Trojan" scenario
can allow hackers to penetrate corporate security through mobile users.
Additionally, when downloading files from a Web site, users take the risk of
downloading files that may be infected. Synchronizing and docking with
computers outside the corporation also presents the risk of connecting with
infected computers.
When a mobile device is infected, several things will happen. First, the
device may become inoperable, or there may be data loss. The viruses then
tend to replicate from device to device, or computer to computer, throughout
the organization. This happens via e-mail, or through synchronization with
the corporate network. Viruses can also send confidential information to
other machines, thus sharing proprietary information with competitors.
Mobile devices are easy targets for theft and loss for several reasons. The
small form factor of mobile devices makes them easy to conceal. Furthermore,
users tend to easily misplace them on buses and airplanes.
Also, mobile devices provide access to computers that are outside the
corporate network, which hackers can easily gain access to. Most devices have
password security implementations that prevent access, but users tend to find
them complicated and cumbersome, so they are rarely utilized.
Laptop Security Vulnerabilities:
The laptop is the most popular mobile device used today in the enterprise and
is used frequently for business and personal purposes. Advancements in
technology have enabled large amounts of information to be stored on laptops,
which are also easily lost or stolen. Additionally, because most viruses are
written for the PC platform, the laptop is at greatest risk for infection.
Finally, laptops often connect over a cable modem or DSL, which is usually on
for long periods of time, leaving the system vulnerable to hackers.
Mobile Technology Deployment Considerations:
IT managers can minimize security threats by asking themselves several things
when evaluating mobile device technology. First, they must determine what
corporate data will be available on these mobile devices and ensure that it
is synchronized and backed up with the organization's information. Other
questions include:
How will these devices connect to the corporate network?
  > Will they connect only when they come into the network?
  > Will they dock?
  > Will they connect directly via dial-up connection?
  > Will they connect through a third-party ISP or a wireless service provider?
Will these devices be used for both business and personal purposes?
  > Will they dock or sync with machines that are outside of the organization?
  > Will they have personal data stored on them as well as corporate data?
  > Can you dictate what type of information is on the devices?
Once these questions are answered and the device is chosen, the
implementation should be integrated with the organization's existing
security model.
The Future of Mobile Device Security:
Unfortunately, the future brings more security risks for mobile devices.
Connections with 3G networks are showing increases in the number of bytes
that can be transferred per second to mobile devices. Also, high-speed home
access with cable modems and DSL is increasing productivity for
telecommuters, which will likely spread to the mobile device world.
Organizations need to be aware that, although most current mobile device
virus outbreaks are stopped in a few days, this may change in the future as
high-speed networks and wireless transmissions allow the devices to stay on
and connected at all times.
Increased device capacity will also allow more corporate data to be carried
outside the corporation to the mobile computers. Typically, mobile devices
today store somewhere from 34 to 64 megabytes of data and technology exists
today to increase that to 400 megabytes. By next year, this should climb even
higher. It is a possibility that sometime in the future the entire corporate
data storage may be able to fit on a single mobile device, thus putting all
mobile assets at risk.
There is no single solution for securing mobile devices, but there are
preventative measures that will address many corporations' mobile security
concerns. Companies should always establish mobile security policies and
procedures that help reduce risks in their organization and choose mobile
devices with security features. Also, Mobile Device Management vendors
provide solutions that help with managing the security issues that have been
addressed in this article. With a device management solution you can
automatically deploy the latest security patches or virus definitions plus
enforce built-in operating system security settings in the remote device to
ensure a strong level of protection.
Mobile device technology has created fundamental changes in the way
employees. As these technologies gain acceptance in corporations, we have
seen new challenges and new opportunities. The security risks are significant
and the entire organization may be at risk unless a well-thought-out mobile
security plan is implemented.
Doug Neal is CEO of Mobile Automation, which develops mobile systems
management solutions that extend the reach of organizations beyond
traditional LAN-based tools. The company provides software for controlling
software distribution, application management and systems
configurations.