Feeds

Securing the mobile enterprise

No room for complacency

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Now that corporate governance is the topic of the moment, everyone is much more aware of the importance of maintaining the integrity of important business data, writes Bloor Research analyst Fran Howarth. Not only are company executives personally facing severe sanctions if the business data that they publish is erroneous, but theft of this data can also cost businesses dearly.

Many companies are taking steps to beef up the security of their core business infrastructure and are expanding their auditing activities to ensure that business information is held, exchanged and disposed of securely. However, enterprises are increasingly relying on mobile devices - and this is an area where companies are still paying scant regard to security.

The use of mobile devices is expanding rapidly in business and they are now considered essential business tools - for everyone from top executives to sales and maintenance workers in the field. Yet such devices are at high risk of loss, theft and unauthorised access and use. They contain data and user credentials that may be business critical, and which can be used to penetrate an organisation's network.

A recent survey by security vendor PointSec of business users of mobile devices indicated that most users store their PIN numbers and passwords directly on the device, and most also use them to connect to the corporate network. However, in the same survey, 40 per cent of respondents admitted to having lost a mobile phone, and 25 per cent to losing a laptop computer. PointSec also quotes a survey by Network World in which 91 per cent of corporate respondents cite security as the number one concern with mobile devices.

When companies put in place policies and technologies for mobile security, they must ensure that the schemes that they develop are enforceable and used by all - the security of an enterprise is only as good as its weakest spot. For example, employees might be required to always use anti-virus technology.

Companies should train their users in the need for security and should make them read security policies set by the company - and sign that they have read and understood these policies. The policy should also set out minimum standards required by employees - not only should they have anti-virus software always running, but it should be made compulsory for them to ensure that they have installed the latest updates to such software.

Security policies for mobile devices should include the need for strong authentication of users - if users are going to store their passwords or PIN numbers on a mobile device, then password protection by itself is not enough. Companies should think about demanding the use of secondary authentication, perhaps a smart card or a SecureID.

Vendor PointSec has come up with an interesting solution to the problem of passwords on mobile devices - it has developed a system whereby users click on a series of pictures in a certain order, which users are finding must easier to remember than passwords. It can also prevent the problem of people gaining passwords by looking over someone's shoulder, since the icons will appear on different parts of the screen each time.

With the technology that PointSec has available for mobile devices, it is making mobile security provable. Security is not left to user discretion - all data is encrypted automatically, regardless of location, and all security events are fully logged. For added security, the duties of system administrators and security personnel are separated - bearing in mind that the greatest security threats to organisations come from inside their walls.

For users, not only is encryption automatic and transparent, but there is no need for intervention by IT resources or even for them to be trained in the use of the technology. PointSec's solutions are also managed and enforced centrally, making it impossible for anyone to access data without the correct authentication.

With the threat of attacks, such as worms and hacks, growing exponentially, security is becoming an even more pressing issue for businesses than ever before. Companies need to realise the importance of the mobile networks and apply the same rigorous security standards to these devices as to their core infrastructure systems. Businesses can no longer afford to be complacent.

© IT-Analysis.com

Security for virtualized datacentres

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Comcast exec: No, we haven't banned Tor. I use it. You're probably using it
Keep in mind if, say, your Onion browser craps out on Xfinity
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.