Are mobile devices opening the network perimeter?

By Jack Loftus, News Writer 19 Apr 2004 | SearchMobileComputing.com

Digg This!     StumbleUpon     Del.icio.us

Mobile technology can increase workplace productivity, but it can also put enterprise networks at risk.

In a new Burton Group report, "Managing and securing the mobile device," Michael Disabato, vice president and service director for Burton Group, suggests that there are security risks that accompany the migration toward a mobile workforce, and that an enterprise needs to take the proper precautions to protect its network.

In his report, Disabato says that the growing mobile worker community has "shredded" the concept of the fixed network perimeter, as defined by the centrally controlled firewall. Mobile workers now bring the network edge with them as they travel -- thanks to PDAs and laptops.

"Essentially, the network perimeter is now in each mobile device," Disabato said.

PDAs and smart phones, while incapable of executing malicious code written for the desktop, can still be "carriers" of infected documents. Disabato said that these infections were the first indication that all segments of the mobile device market needed protection.

One of the most preventable security compromises that have grown from the mobile devices, according to Disabato, is the simple fact that users misplace their laptops.

"It's user negligence," he said. "One of the things I recommend is to start having employees pay for the equipment they use."

According to Disabato, a lost or stolen laptop is not only a security risk for the company, but it can also lead to a legal battle. Three key pieces of legislation have been enacted to secure the confidentiality of personal, financial and corporate records: the Sarbanes-Oxley Act, Graham-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA).. When a device is lost, it can expose confidential business records, leading to severe civil penalties, Disabato said, even if the exposure was unintentional.

Disabato's advice for information security and IT departments is that they focus on a balanced approach between security and cost-effectiveness. He recommends that every company conduct a risk analysis for all information that will travel over mobile connections. All sensitive information should either be encrypted or transmitted using encrypted-tunnel VPNs.

For more information Learn how to protect phones and handhelds from attack. Read why good policy can mitigate mobile security risks.

Aside from encrypting data and being responsible with their mobile devices, users must also learn to communicate with IT and security staff, and vice versa. Disabato said that policies must remain consistent; what is unacceptable for security on the road,, must remain unacceptable in the office.

Additionally, IT departments need to ensure that virus scanners, security updates, encryption software, spyware prevention and other security measures remain unobtrusive and part of the user's daily life.

"If it's too complicated for someone in the security industry, it's going to be impossible for an accountant," Disabato said.

Tags: Mobile Device Security,  Hackers and Threats to your Mobile Enterprise,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Device Security Fingerprint recognition and mobile security Traditional security threats coming soon to mobile device near you Securing your Windows Mobile devices Mobile security: Protecting your data, not just your devices Prevent mobile malware: Learn how to protect your enterprise and devices Podcast: The truth about network security and mobile device access Protecting data on your BlackBerry Going green: Recycling and energy saving tips for mobile devices -- podcast New challenges in mobile device discovery Quiz: Mobile Device Security -- Who else can hear me now? Mobile Device Security Research Hackers and Threats to your Mobile Enterprise Mobile security threats Securing corporate data on your laptops iPhone hacking: Lessons from the front line Trends in mobile computing Traditional security threats coming soon to mobile device near you Prevent mobile malware: Learn how to protect your enterprise and devices On-device defenses for mobile malware Is malware coming to a smartphone near you? New challenges in mobile device discovery Mobile security – Understanding and controlling risks

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary mobile VPN  (SearchMobileComputing.com) real-time location system (RTLS)  (SearchMobileComputing.com) screaming cell phone  (SearchMobileComputing.com) SMiShing  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary