Securing the mobile enterprise

No room for complacency


Now that corporate governance is the topic of the moment, everyone is much more aware of the importance of maintaining the integrity of important business data, writes Bloor Research analyst Fran Howarth. Not only are company executives personally facing severe sanctions if the business data that they publish is erroneous, but theft of this data can also cost businesses dearly.

Many companies are taking steps to beef up the security of their core business infrastructure and are expanding their auditing activities to ensure that business information is held, exchanged and disposed of securely. However, enterprises are increasingly relying on mobile devices - and this is an area where companies are still paying scant regard to security.

The use of mobile devices is expanding rapidly in business and they are now considered essential business tools - for everyone from top executives to sales and maintenance workers in the field. Yet such devices are at high risk of loss, theft and unauthorised access and use. They contain data and user credentials that may be business critical, and which can be used to penetrate an organisation's network.

A recent survey by security vendor PointSec of business users of mobile devices indicated that most users store their PIN numbers and passwords directly on the device, and most also use them to connect to the corporate network. However, in the same survey, 40 per cent of respondents admitted to having lost a mobile phone, and 25 per cent to losing a laptop computer. PointSec also quotes a survey by Network World in which 91 per cent of corporate respondents cite security as the number one concern with mobile devices.

When companies put in place policies and technologies for mobile security, they must ensure that the schemes that they develop are enforceable and used by all - the security of an enterprise is only as good as its weakest spot. For example, employees might be required to always use anti-virus technology.

Companies should train their users in the need for security and should make them read security policies set by the company - and sign that they have read and understood these policies. The policy should also set out minimum standards required by employees - not only should they have anti-virus software always running, but it should be made compulsory for them to ensure that they have installed the latest updates to such software.

Security policies for mobile devices should include the need for strong authentication of users - if users are going to store their passwords or PIN numbers on a mobile device, then password protection by itself is not enough. Companies should think about demanding the use of secondary authentication, perhaps a smart card or a SecurID.

Vendor PointSec has come up with an interesting solution to the problem of passwords on mobile devices - it has developed a system whereby users click on a series of pictures in a certain order, which users are finding much easier to remember than passwords. It can also prevent the problem of people gaining passwords by looking over someone's shoulder, since the icons will appear on different parts of the screen each time.

With the technology that PointSec has available for mobile devices, it is making mobile security provable. Security is not left to user discretion - all data is encrypted automatically, regardless of location, and all security events are fully logged. For added security, the duties of system administrators and security personnel are separated - bearing in mind that the greatest security threats to organisations come from inside their walls.

For users, not only is encryption automatic and transparent, but there is no need for intervention by IT resources or even for them to be trained in the use of the technology. PointSec's solutions are also managed and enforced centrally, making it impossible for anyone to access data without the correct authentication.

With the threat of attacks, such as worms and hacks, growing exponentially, security is becoming an even more pressing issue for businesses than ever before. Companies need to realise the importance of the mobile networks and apply the same rigorous security standards to these devices as to their core infrastructure systems. Businesses can no longer afford to be complacent.

© IT-Analysis.com
