Mobile Security

As wireless devices proliferate, so do the risks.

November 4, 2008

As mobile phones, smart phones, PDAs, laptops, BlackBerrys and other mobile gadgets spread across the business landscape, CFOs are finding themselves working with CIOs and IT managers to fight an ongoing security war. Lost and stolen devices, porous wireless links and devious employees are among the threats facing enterprises with roaming workforces.

The problem is sneaking up on many CFOs, who often only become aware of it when valuable data is lost or compromised, says Richard Morgan, a director at Sybase, a mobile and wireless enterprise software company in the US. "Mobile device adoption is growing, and this could represent a security threat to enterprises if not managed correctly," he notes. "The devices that are being deployed are growing in power and capability — with this come added risks."

Lost, But Not Forgotten
While the potential exposure of mobile-phone users to the dangers of an attack is low, all laptops, smart phones and other mobile devices capable of storing sensitive data can be lost or stolen. So it's good insurance to secure the data with encryption software, says James Moran, fraud and security director of the GSM Association. Encryption tools are available from numerous vendors, including Smobile, PGP, TrueCrypt Foundation, Data Encryption Systems, SJ NAMO and T3 US.

But Khoi Nguyen, mobile security group product manager for US software security company Symantec, believes that encryption needs to be combined with other safeguards to keep data fully secure. Companies "should use security software that includes antivirus, firewall, data encryption, password protection and device feature blocking," he says. Symantec, Sybase, McAfee, Trust Digital and Trend Micro are among the many vendors offering mobile security products that provide these capabilities.

Philippe Winthrop, business mobility solutions analyst for Strategy Analytics, a technology research firm, suggests that mobile devices should also be "hardened" to prevent users from modifying settings and disabling security technologies when out of the office. "If you don't know how to do this, find a security expert who can help you make your units tamper-proof," he says.

Businesses might also want to consider a service such as CompuTrace, which uses global positioning system (GPS) technology to track lost or stolen laptops. As soon as someone in possession of a missing laptop signs on to the internet, CompuTrace activates and notifies the police. If the thief doesn't use the laptop to log on to the internet, or if the laptop can't be located by authorities, laptop data is still safeguarded by encryption. The mobile device can also be remotely directed to automatically wipe its hard drive clean, thus protecting the information all the same.

Wireless Worries
Confidential business information isn't only threatened by lost or stolen mobile devices. Thieves can also whisk data away via wireless means. Wi-Fi networks, which allow devices within a 100-meter radius of a hot spot to access the internet, are particularly vulnerable to attacks. Smart phones and PDAs are now becoming, in essence, permanently attached to corporate networks. Someone can compromise a mobile device from a distance and use it as a gateway to a network without the operator even knowing that it's happening.

To ensure wireless safety, all mobile devices must include some type of wireless security technology. The first wireless network security standard — Wired Equivalent Privacy (WEP) — was a relatively weak technology. But more recent specifications, such as Wi-Fi Protected Access (WPA), WPA2 and IEEE 802.11i, can be powerful security tools, reckons Nick Magliato, CEO of Trust Digital, a mobile security software company.

Rapidly proliferating Bluetooth technology, which allows connectivity between mobile phones, PDAs, laptops and other gadgets at short distances, is another prime wireless weak spot. As with Wi-Fi, attackers may take advantage of Bluetooth connections to access or download information onto a device.

"Technically, Bluetooth is one of the most insecure wireless technologies," says Bill Nagel, a security, risk and identity management analyst for technology research firm Forrester. "There has been anecdotal evidence of data being stolen via Bluetooth." To keep snoops at bay, Nagel recommends that users be required to turn off Bluetooth technology whenever it's not being used.

Wireless VoIP, which allows users to send phone calls over laptops, PDAs and other portable gadgets via a Wi-Fi link, also worries IT security experts. Because VoIP is data-based, it's vulnerable to many of the malware threats that plague desktop computer users, including viruses, worms, spam and phishing. Wireless VoIP mobile devices can be protected with the same technologies that are used to safeguard wireless data.

Down the road, new wireless technologies like WiMAX, which will blanket entire cities with wireless internet access, will arrive to challenge enterprise management with new security issues. That's why it's important to stay on top of emerging trends. Nagel suggests that companies focus on data security as well as device security. "That means knowing what data is most dangerous to lose and where it is stored."

Stealth Threats
While BlackBerrys, PDAs and laptops are the devices most closely associated with mobile security lapses, a variety of other "stealth gadgets" are also a potential security trap. MP3 players, for example, can be linked to PCs to store items beyond songs and podcasts — such as confidential reports and top-secret customer lists.

