Feeds

Exec + PDA = security alert

Smart handheld, dumb user

  • alert
  • submit to reddit

The Power of One Infographic

Reg Reader Studies Security has always been a concern when it comes to separating user access from the core of an IT system. Put terminals outside the machine room – you must be joking? Departmental servers out in the office – you what? Commercial data over the world wild web – too dangerous! Mobile access to precious and confidential data – why risk it?

Mobile devices, including smartphones, networked PDAs and mobile email handsets have become more prevalent as the gadgets for delivering productivity on the move. The sophistication of these handhelds combined with their small size is perceived to increase the IT security risks to any organisation permitting their use. But do they really punch a hole through the IT security perimeter, can they be infected with new airborne viruses and how vulnerable is sensitive data on the move if they are lost or stolen?

In a recent survey examining the issues of managing a mix of mobile technologies, conducted by Quocirca and the Register, security challenges are clearly the main issue and especially so for deploying small, smart handheld devices – PDAs, smartphones etc – but worryingly almost 40 per cent do not treat the security of these handhelds as seriously as laptops. Smart handheld deployment may be relatively limited, but 14 per cent have broad experience and altogether almost three quarters have some experience, even if unofficial, so this is not a problem to ignore.

Laptop deployments have been growing over the years, and remote dial-in modems are increasingly giving way to wireless and cellular data cards and chip sets, so the security problems associated with mobile laptops have kept the IT industry occupied for some time. Passwords, biometrics and smart ids can be used to secure the point of access; encryption and VPN tunnels to secure information as it flows en route; anti-virus software and firewalls to prevent laptops themselves from coming under attack.

Laptops are now well covered and only a small percentage do not believe their current solutions are very effective, but over a third recognise they must do more for smart handhelds. While today many handhelds are often only used for mobile access to email and simple contact management, the security problems will only grow as new applications and more data are used and stored on increasingly more capable devices.

Some technology can help, but technology by itself does not make the problems diasappear. The old mantra of people, process and products holds particularly true for IT security. Setting out a strong policy is the right start, but it must be communicated, understood, accepted and enforced. This is often difficult for an IT manager to enforce when the perpetrator is a senior executive.

Whilst security solutions for laptop users are mature and widely available, solutions for smart handhelds are more limited. Automated backup and data synchronisation solutions can help restore data in the aftermath of theft or loss, but it would be far better if users were careful from the start. Sometimes the level of investment in technology solutions has to be weighed against the protection offered to the business, and suitable insurance cover coupled with an effectively policed user policy on replacement might be more cost effective.

The comments of many of those surveyed suggested user naivety or carelessness was a particular problem, and this was just as true in the boardroom as elsewhere – executives, PDAs and security being a poor mix. This is not "user abuse or misuse", despite over a third raising that as a support challenge, it is just a lack of care.

How to stop devices falling into the wrong hands, or leaving their rightful ones? One survey respondent ruefully suggested – think mittens with strings up the sleeves. The way some people take so little care of their employers’ technology, there’s probably the germ of an idea there. However given the desire for the latest and greatest, perhaps the best solution is to reward those persistently careless with a five-year-old mobile phone – monochrome screen, one ringtone, no email and sufficient bulk to build muscles and distort pockets.

For a closer look at the considerations, read our report (PDF) looking at the challenges of managing mobile devices and users.

© Quocirca.

The Power of One Infographic

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
All those new '5G standards'? Here's the science they rely on
Radio professor tells us how wireless will get faster in the real world
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
Oh girl, you jus' didn't: Level 3 slaps Verizon in Netflix throttle blowup
Just hook us up to more 10Gbps ports, backbone biz yells in tit-for-tat spat
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.