Feeds

Exec + PDA = security alert

Smart handheld, dumb user

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Reg Reader Studies Security has always been a concern when it comes to separating user access from the core of an IT system. Put terminals outside the machine room – you must be joking? Departmental servers out in the office – you what? Commercial data over the world wild web – too dangerous! Mobile access to precious and confidential data – why risk it?

Mobile devices, including smartphones, networked PDAs and mobile email handsets have become more prevalent as the gadgets for delivering productivity on the move. The sophistication of these handhelds combined with their small size is perceived to increase the IT security risks to any organisation permitting their use. But do they really punch a hole through the IT security perimeter, can they be infected with new airborne viruses and how vulnerable is sensitive data on the move if they are lost or stolen?

In a recent survey examining the issues of managing a mix of mobile technologies, conducted by Quocirca and the Register, security challenges are clearly the main issue and especially so for deploying small, smart handheld devices – PDAs, smartphones etc – but worryingly almost 40 per cent do not treat the security of these handhelds as seriously as laptops. Smart handheld deployment may be relatively limited, but 14 per cent have broad experience and altogether almost three quarters have some experience, even if unofficial, so this is not a problem to ignore.

Laptop deployments have been growing over the years, and remote dial-in modems are increasingly giving way to wireless and cellular data cards and chip sets, so the security problems associated with mobile laptops have kept the IT industry occupied for some time. Passwords, biometrics and smart ids can be used to secure the point of access; encryption and VPN tunnels to secure information as it flows en route; anti-virus software and firewalls to prevent laptops themselves from coming under attack.

Laptops are now well covered and only a small percentage do not believe their current solutions are very effective, but over a third recognise they must do more for smart handhelds. While today many handhelds are often only used for mobile access to email and simple contact management, the security problems will only grow as new applications and more data are used and stored on increasingly more capable devices.

Some technology can help, but technology by itself does not make the problems diasappear. The old mantra of people, process and products holds particularly true for IT security. Setting out a strong policy is the right start, but it must be communicated, understood, accepted and enforced. This is often difficult for an IT manager to enforce when the perpetrator is a senior executive.

Whilst security solutions for laptop users are mature and widely available, solutions for smart handhelds are more limited. Automated backup and data synchronisation solutions can help restore data in the aftermath of theft or loss, but it would be far better if users were careful from the start. Sometimes the level of investment in technology solutions has to be weighed against the protection offered to the business, and suitable insurance cover coupled with an effectively policed user policy on replacement might be more cost effective.

The comments of many of those surveyed suggested user naivety or carelessness was a particular problem, and this was just as true in the boardroom as elsewhere – executives, PDAs and security being a poor mix. This is not "user abuse or misuse", despite over a third raising that as a support challenge, it is just a lack of care.

How to stop devices falling into the wrong hands, or leaving their rightful ones? One survey respondent ruefully suggested – think mittens with strings up the sleeves. The way some people take so little care of their employers’ technology, there’s probably the germ of an idea there. However given the desire for the latest and greatest, perhaps the best solution is to reward those persistently careless with a five-year-old mobile phone – monochrome screen, one ringtone, no email and sufficient bulk to build muscles and distort pockets.

For a closer look at the considerations, read our report (PDF) looking at the challenges of managing mobile devices and users.

© Quocirca.

Internet Security Threat Report 2014

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?