Feeds

Exec + PDA = security alert

Smart handheld, dumb user

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Reg Reader Studies Security has always been a concern when it comes to separating user access from the core of an IT system. Put terminals outside the machine room – you must be joking? Departmental servers out in the office – you what? Commercial data over the world wild web – too dangerous! Mobile access to precious and confidential data – why risk it?

Mobile devices, including smartphones, networked PDAs and mobile email handsets have become more prevalent as the gadgets for delivering productivity on the move. The sophistication of these handhelds combined with their small size is perceived to increase the IT security risks to any organisation permitting their use. But do they really punch a hole through the IT security perimeter, can they be infected with new airborne viruses and how vulnerable is sensitive data on the move if they are lost or stolen?

In a recent survey examining the issues of managing a mix of mobile technologies, conducted by Quocirca and the Register, security challenges are clearly the main issue and especially so for deploying small, smart handheld devices – PDAs, smartphones etc – but worryingly almost 40 per cent do not treat the security of these handhelds as seriously as laptops. Smart handheld deployment may be relatively limited, but 14 per cent have broad experience and altogether almost three quarters have some experience, even if unofficial, so this is not a problem to ignore.

Laptop deployments have been growing over the years, and remote dial-in modems are increasingly giving way to wireless and cellular data cards and chip sets, so the security problems associated with mobile laptops have kept the IT industry occupied for some time. Passwords, biometrics and smart ids can be used to secure the point of access; encryption and VPN tunnels to secure information as it flows en route; anti-virus software and firewalls to prevent laptops themselves from coming under attack.

Laptops are now well covered and only a small percentage do not believe their current solutions are very effective, but over a third recognise they must do more for smart handhelds. While today many handhelds are often only used for mobile access to email and simple contact management, the security problems will only grow as new applications and more data are used and stored on increasingly more capable devices.

Some technology can help, but technology by itself does not make the problems diasappear. The old mantra of people, process and products holds particularly true for IT security. Setting out a strong policy is the right start, but it must be communicated, understood, accepted and enforced. This is often difficult for an IT manager to enforce when the perpetrator is a senior executive.

Whilst security solutions for laptop users are mature and widely available, solutions for smart handhelds are more limited. Automated backup and data synchronisation solutions can help restore data in the aftermath of theft or loss, but it would be far better if users were careful from the start. Sometimes the level of investment in technology solutions has to be weighed against the protection offered to the business, and suitable insurance cover coupled with an effectively policed user policy on replacement might be more cost effective.

The comments of many of those surveyed suggested user naivety or carelessness was a particular problem, and this was just as true in the boardroom as elsewhere – executives, PDAs and security being a poor mix. This is not "user abuse or misuse", despite over a third raising that as a support challenge, it is just a lack of care.

How to stop devices falling into the wrong hands, or leaving their rightful ones? One survey respondent ruefully suggested – think mittens with strings up the sleeves. The way some people take so little care of their employers’ technology, there’s probably the germ of an idea there. However given the desire for the latest and greatest, perhaps the best solution is to reward those persistently careless with a five-year-old mobile phone – monochrome screen, one ringtone, no email and sufficient bulk to build muscles and distort pockets.

For a closer look at the considerations, read our report (PDF) looking at the challenges of managing mobile devices and users.

© Quocirca.

Security for virtualized datacentres

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Comcast exec: No, we haven't banned Tor. I use it. You're probably using it
Keep in mind if, say, your Onion browser craps out on Xfinity
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.