We prize mobile computing devices for the flexibility and convenience they provide, but mobility presents significant challenges for IT administrators charged with keeping their companies' data and networks secure—particularly as mobile devices and networks have grown more sophisticated and ubiquitous. What's more, the regulatory climate in which companies must operate is placing a greater demand on the control of corporate data.
While these challenges make managing security on mobile devices a trickier proposition, there are ways administrators can help plug the holes that mobile devices have a way of opening in your company's security infrastructure. However, there's no one-size-fits-all solution, and administrators will have to take a long, hard look at each and every user—and device—accessing corporate data to ensure that all the gaps are filled.
The more portable a device, the easier it is to lose—whether by accident or malicious intent. In any case, the digital booty these machines bear can range from one person's list of bank passwords to a spreadsheet containing the Social Security numbers and other personal information of tens of thousands of students—as the University of California, Berkeley, demonstrated a few months back when such a list left the campus on a pilfered notebook computer.
Often more important than the data stored on mobile devices is the role that these systems play as gateways to an organization's network resources—a lost notebook, combined with a VPN client and saved password (which Windows XP's built-in VPN client allows by default), can be an open invitation into your corporate network.
It's definitely preferable not to allow sensitive information to be carried around on a notebook, but it can be difficult to ensure that all users act intelligently with data in their care. And, as anyone familiar with bootable Linux rescue CDs can attest, recovering passwords and data from a typical Windows system is a fairly trivial affair.
This is where full-disk encryption products can bolster your organization's data defenses by rendering hard drives unreadable by unauthorized users.
In addition to the risks to locally stored data that mobility amplifies, mobile devices that connect to your organization's internal network must often do so over untrusted links.
In the case of Wi-Fi, wireless WANs and Bluetooth, this means piping potentially sensitive packets over the air, where malicious sniffers may lurk.
Vulnerabilities in WEP (Wired Equivalent Privacy) have drawn a lot of attention to the security hazards of wireless network communications, but vendors and standards bodies have learned their lessons and come up with better and more secure protocols.
One such protocol, WPA2 (Wi-Fi Protected Access 2), was ratified more than a year ago. However, it is only now being deployed, due in large part to its requirements for new hardware and software.
Although new products and standards go a long way toward transparently improving the fundamental security of computer systems that are too trusting by design, administrators can't truly secure their infrastructures without smart management policies.
Products such as Fiberlink Communications Corp.'s Fiberlink Extend360, which we review here, can advance your organization's security cause by making sure that clients carry the proper set of system software and virus-signature updates before they're allowed access to network resources.
Moving forward, we're interested in seeing wider development of virtualization as a means for ensuring that sensitive data doesn't get left on vulnerable systems.
Products such as Sygate Inc.'s Sygate On-Demand 2.5 offer very good endpoint integrity assurance and covert malware protection for remote Windows-based machines. On-Demand provides users connecting to company resources with a virtual desktop environment that works along with SSL (Secure Sockets Layer) VPNs and is accessible through untrusted or unmanageable systems such as airport kiosk systems.
Mobile devices have a way of poking holes through companies' IT defenses. However, with smart management, administrators can reduce the vulnerabilities that mobile systems are heir to.
- Notebooks and handheld computers are easily carried away, and sensitive data can be just as easily carried away with them. Encrypting this data reduces the likelihood that it will fall into the wrong hands.
- Information that travels over wireless networks can be sniffed, so strong over-the-air encryption—be it through 802.11i, IP Security, SSH (Secure Shell) or SSL—is a must.
- Weak or compromised authentication will foil even the best encryption schemes. Pursue multifactor authentication to ensure the integrity of your security perimeter.
- Mobile devices can be a vector for malware to enter your network. Ensure that roaming systems receive virus and system upgrades, and deploy systems that will deny access to mobile clients that don't meet these requirements.
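
The four points above expressed as one admission check, as an added example that is not from the article or from any product it names. The posture fields, the decision labels (`allow`, `remediate`, `deny`) and the age thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Hypothetical policy values; tune to your own patch and signature cadence.
MAX_PATCH_AGE = timedelta(days=30)
MAX_SIGNATURE_AGE = timedelta(days=7)
UNPROTECTED_LINKS = {"open", "wep"}   # over-the-air links treated as sniffable

@dataclass
class Posture:
    """Constructed report a roaming client presents when requesting access."""
    host: str
    last_patch: date
    av_signatures: date
    disk_encrypted: bool
    auth_factors: int            # independent factors presented at login
    link: str                    # "wired", "wpa2", "wep", "open"
    tunnel: Optional[str]        # "ipsec", "ssl", "ssh" or None

def evaluate(p: Posture, today: date):
    """Return (decision, reasons): 'allow', 'remediate' or 'deny'."""
    deny, fix = [], []
    if p.auth_factors < 2:
        deny.append("single-factor authentication")
    if p.link in UNPROTECTED_LINKS and p.tunnel is None:
        deny.append("no strong encryption on " + p.link + " link")
    if not p.disk_encrypted:
        fix.append("disk not encrypted")
    if today - p.last_patch > MAX_PATCH_AGE:
        fix.append("system updates out of date")
    if today - p.av_signatures > MAX_SIGNATURE_AGE:
        fix.append("virus signatures out of date")
    if deny:
        return "deny", deny + fix
    if fix:
        return "remediate", fix   # reach the update servers only, then retry
    return "allow", []

# Constructed sample clients, evaluated as of a constructed date.
TODAY = date(2024, 3, 15)
SAMPLES = [
    Posture("nb-01", date(2024, 3, 1), date(2024, 3, 14), True, 2, "wpa2", None),
    Posture("nb-02", date(2024, 1, 5), date(2024, 3, 14), True, 2, "open", "ipsec"),
    Posture("pda-03", date(2024, 3, 1), date(2024, 2, 1), False, 1, "wep", None),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.host, *evaluate(s, TODAY))
```

Authentication and link failures are hard denials, while a stale or unencrypted client is sent to remediation so it can still fetch the updates it lacks.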
Senior Analyst Jason Brooks can be reached at [email protected].