Feeds

Exec + PDA = security alert

Smart handheld, dumb user

  • alert
  • submit to reddit

High performance access to file storage

Reg Reader Studies Security has always been a concern when it comes to separating user access from the core of an IT system. Put terminals outside the machine room – you must be joking? Departmental servers out in the office – you what? Commercial data over the world wild web – too dangerous! Mobile access to precious and confidential data – why risk it?

Mobile devices, including smartphones, networked PDAs and mobile email handsets have become more prevalent as the gadgets for delivering productivity on the move. The sophistication of these handhelds combined with their small size is perceived to increase the IT security risks to any organisation permitting their use. But do they really punch a hole through the IT security perimeter, can they be infected with new airborne viruses and how vulnerable is sensitive data on the move if they are lost or stolen?

In a recent survey examining the issues of managing a mix of mobile technologies, conducted by Quocirca and the Register, security challenges are clearly the main issue and especially so for deploying small, smart handheld devices – PDAs, smartphones etc – but worryingly almost 40 per cent do not treat the security of these handhelds as seriously as laptops. Smart handheld deployment may be relatively limited, but 14 per cent have broad experience and altogether almost three quarters have some experience, even if unofficial, so this is not a problem to ignore.

Laptop deployments have been growing over the years, and remote dial-in modems are increasingly giving way to wireless and cellular data cards and chip sets, so the security problems associated with mobile laptops have kept the IT industry occupied for some time. Passwords, biometrics and smart ids can be used to secure the point of access; encryption and VPN tunnels to secure information as it flows en route; anti-virus software and firewalls to prevent laptops themselves from coming under attack.

Laptops are now well covered and only a small percentage do not believe their current solutions are very effective, but over a third recognise they must do more for smart handhelds. While today many handhelds are often only used for mobile access to email and simple contact management, the security problems will only grow as new applications and more data are used and stored on increasingly more capable devices.

Some technology can help, but technology by itself does not make the problems diasappear. The old mantra of people, process and products holds particularly true for IT security. Setting out a strong policy is the right start, but it must be communicated, understood, accepted and enforced. This is often difficult for an IT manager to enforce when the perpetrator is a senior executive.

Whilst security solutions for laptop users are mature and widely available, solutions for smart handhelds are more limited. Automated backup and data synchronisation solutions can help restore data in the aftermath of theft or loss, but it would be far better if users were careful from the start. Sometimes the level of investment in technology solutions has to be weighed against the protection offered to the business, and suitable insurance cover coupled with an effectively policed user policy on replacement might be more cost effective.

The comments of many of those surveyed suggested user naivety or carelessness was a particular problem, and this was just as true in the boardroom as elsewhere – executives, PDAs and security being a poor mix. This is not "user abuse or misuse", despite over a third raising that as a support challenge, it is just a lack of care.

How to stop devices falling into the wrong hands, or leaving their rightful ones? One survey respondent ruefully suggested – think mittens with strings up the sleeves. The way some people take so little care of their employers’ technology, there’s probably the germ of an idea there. However given the desire for the latest and greatest, perhaps the best solution is to reward those persistently careless with a five-year-old mobile phone – monochrome screen, one ringtone, no email and sufficient bulk to build muscles and distort pockets.

For a closer look at the considerations, read our report (PDF) looking at the challenges of managing mobile devices and users.

© Quocirca.

SANS - Survey on application security programs

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.