Home > Mobile Computing Tips > Mobile Security > Experts: Security no excuse for avoiding mobile devices
Mobile Computing Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

MOBILE SECURITY

Experts: Security no excuse for avoiding mobile devices


Edward Hurley, News Writer
04.08.2003
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


Enterprises that do not want to include mobile devices in their environments often use security as an excuse, saying they fear the loss of sensitive data that could result from a PDA being stolen or an unsecured wireless connection used.

Such concerns are no longer viable, said Kevin Burden, program manager for smart handheld devices at Framingham, Mass.-based International Data Corp. (IDC). There are technologies available to properly secure mobile devices that are endorsed by the National Security Agency, the CIA and the FBI. "If they are good enough for them, then they should be good enough for most companies," he said. "They just need to do their homework."

For example, there are ways to make devices lock or destroy lost data by sending the machine a special message. Also, some mobile devices have high-powered processors that will support 128-bit encryption, Burden said.

Mobile devices do pose unique challenges, from a security prospective. There are some general steps users can take to address them, like integrating security programs for mobile and wireless systems into the overall security blueprint, said Tim Scannell, president and principal analyst for Quincy, Mass.-based Shoreline Research Inc. Here are a few more suggestions from Scannell:
  • Implement strong asset management, virus checking, loss prevention and other controls for mobile systems that will prohibit unauthorized access and the entry of corrupted data.
  • Investigate alternatives that allow secure access to company information through a firewall, such as mobile VPNs.
  • Develop a system of more frequent and thorough security audits for mobile devices.
  • Incorporate security awareness into your mobile training and support programs, so that everyone understands just how important an issue security is within a company's overall IT strategy.
Perhaps the first step in securing mobile devices is creating company policies that address the unique issues these devices raise. Such questions include what an employee should do if a device is lost or stolen. Gene Fredriksen, vice president of information security for Raymond James Financial, said his company's policy includes notifying the appropriate law enforcement agency and changing passwords. User accounts are "closely monitored for unusual activity for a period of time," he said during a recent e-mail interview.

There are a couple of ways companies can go about creating policy for mobile devices. One way is creating a distinct mobile computing policy. Another way is including such devices under existing policy. There are also approaches in-between, where mobile devices fall both under existing general policies and a new one.

Raymond James Financial take this hybrid approach, where a new policy is created to address the specific needs of mobile devices (such as what to do if they are lost or stolen) but more general usage issues fall under general IT policies.

As part of that approach, the "acceptable use" policy for other technologies is extended to mobile devices. "There should not be a separate one for wireless, LAN, WAN, etc. ... That is a problem waiting to happen," Fredriksen said, noting that a properly written network policy can cover all connections to company data, including mobile and wireless.

Companies new to mobile devices may adopt an umbrella mobile policy but find over time that they will need to tweak it to match the challenges posed by different kinds of devices, Burden said. For example, wireless devices pose different challenges than non-wireless devices. Also, employees who use mobile devices more than 20% of the time will have different requirements than less-frequent users.

Over time, companies may create separate policies for mobile devices based on whether they connect wirelessly and with distinctions for devices that connect to WANs and LANs, he said.

It's never too early to start planning for mobile devices, even if a company can't afford them at this time, Burden said. The adoption of the technology has been slowed by the weak economy. But by contemplating its uses, companies may think of ways they can use it and, perhaps just as important, how their competitors will use it. "When the economy improves, your competitors will be executing their plans. If you don't have a plan, you'll find yourself severely behind the curve," he said.


Rate this Tip
To rate tips, you must be a member of SearchMobileComputing.com.
Register now to start rating these tips. Log in if you are already a member.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Mobile Security
Mobile security threats
Two-factor authentication: Mobile security at your fingertips
Securing your Windows Mobile devices
In-the-cloud defenses for mobile malware
On-device defenses for mobile malware
Is malware coming to a smartphone near you?
Protecting data on your BlackBerry
Defining your mobile security policy
Government regulations and mobile security policies
Symbian: Protect your data, not just your device

Mobile Device Security
Fingerprint recognition and mobile security
Traditional security threats coming soon to mobile device near you
Securing your Windows Mobile devices
Mobile security: Protecting your data, not just your devices
Prevent mobile malware: Learn how to protect your enterprise and devices
Podcast: The truth about network security and mobile device access
Protecting data on your BlackBerry
Going green: Recycling and energy saving tips for mobile devices -- podcast
New challenges in mobile device discovery
Quiz: Mobile Device Security -- Who else can hear me now?
Mobile Device Security Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
mobile VPN  (SearchMobileComputing.com)
real-time location system (RTLS)  (SearchMobileComputing.com)
screaming cell phone  (SearchMobileComputing.com)
SMiShing  (SearchMobileComputing.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Mobile Computing Security - Device Security, Mobile Authentication, Mobile Threats

Notebook Deals at Notebook Review
HomeNewsTopicsITKnowledge ExchangeTipsMultimediaWhite PapersProducts
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts