Feeds

Exec + PDA = security alert

Smart handheld, dumb user

  • alert
  • submit to reddit

3 Big data security analytics techniques

Reg Reader Studies Security has always been a concern when it comes to separating user access from the core of an IT system. Put terminals outside the machine room – you must be joking? Departmental servers out in the office – you what? Commercial data over the world wild web – too dangerous! Mobile access to precious and confidential data – why risk it?

Mobile devices, including smartphones, networked PDAs and mobile email handsets have become more prevalent as the gadgets for delivering productivity on the move. The sophistication of these handhelds combined with their small size is perceived to increase the IT security risks to any organisation permitting their use. But do they really punch a hole through the IT security perimeter, can they be infected with new airborne viruses and how vulnerable is sensitive data on the move if they are lost or stolen?

In a recent survey examining the issues of managing a mix of mobile technologies, conducted by Quocirca and the Register, security challenges are clearly the main issue and especially so for deploying small, smart handheld devices – PDAs, smartphones etc – but worryingly almost 40 per cent do not treat the security of these handhelds as seriously as laptops. Smart handheld deployment may be relatively limited, but 14 per cent have broad experience and altogether almost three quarters have some experience, even if unofficial, so this is not a problem to ignore.

Laptop deployments have been growing over the years, and remote dial-in modems are increasingly giving way to wireless and cellular data cards and chip sets, so the security problems associated with mobile laptops have kept the IT industry occupied for some time. Passwords, biometrics and smart ids can be used to secure the point of access; encryption and VPN tunnels to secure information as it flows en route; anti-virus software and firewalls to prevent laptops themselves from coming under attack.

Laptops are now well covered and only a small percentage do not believe their current solutions are very effective, but over a third recognise they must do more for smart handhelds. While today many handhelds are often only used for mobile access to email and simple contact management, the security problems will only grow as new applications and more data are used and stored on increasingly more capable devices.

Some technology can help, but technology by itself does not make the problems diasappear. The old mantra of people, process and products holds particularly true for IT security. Setting out a strong policy is the right start, but it must be communicated, understood, accepted and enforced. This is often difficult for an IT manager to enforce when the perpetrator is a senior executive.

Whilst security solutions for laptop users are mature and widely available, solutions for smart handhelds are more limited. Automated backup and data synchronisation solutions can help restore data in the aftermath of theft or loss, but it would be far better if users were careful from the start. Sometimes the level of investment in technology solutions has to be weighed against the protection offered to the business, and suitable insurance cover coupled with an effectively policed user policy on replacement might be more cost effective.

The comments of many of those surveyed suggested user naivety or carelessness was a particular problem, and this was just as true in the boardroom as elsewhere – executives, PDAs and security being a poor mix. This is not "user abuse or misuse", despite over a third raising that as a support challenge, it is just a lack of care.

How to stop devices falling into the wrong hands, or leaving their rightful ones? One survey respondent ruefully suggested – think mittens with strings up the sleeves. The way some people take so little care of their employers’ technology, there’s probably the germ of an idea there. However given the desire for the latest and greatest, perhaps the best solution is to reward those persistently careless with a five-year-old mobile phone – monochrome screen, one ringtone, no email and sufficient bulk to build muscles and distort pockets.

For a closer look at the considerations, read our report (PDF) looking at the challenges of managing mobile devices and users.

© Quocirca.

Top three mobile application threats

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.