
Are mobile devices opening the network perimeter?

Jack Loftus, News Writer

Mobile technology can increase workplace productivity, but it can also put enterprise networks at risk.

In a new Burton Group report, "Managing and securing the mobile device," Michael Disabato, vice president and service director for Burton Group, suggests that there are security risks that accompany the migration toward a mobile workforce, and that an enterprise needs to take the proper precautions to protect its network.

In his report, Disabato says that the growing mobile worker community has "shredded" the concept of the fixed network perimeter, as defined by the centrally controlled firewall. Mobile workers now bring the network edge with them as they travel -- thanks to PDAs and laptops.

"Essentially, the network perimeter is now in each mobile device," Disabato said.

PDAs and smart phones, while incapable of executing malicious code written for the desktop, can still be "carriers" of infected documents. Disabato said that these infections were the first indication that all segments of the mobile device market needed protection.

One of the most preventable security compromises to arise from mobile devices, according to Disabato, comes from the simple fact that users misplace their laptops.

"It's user negligence," he said. "One of the things I recommend is to start having employees pay for the equipment they use."

According to Disabato, a lost or stolen laptop is not only a security risk for the company, but it can also lead to a legal battle. Three key pieces of legislation have been enacted to secure the confidentiality of personal, financial and corporate records: the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA). When a device is lost, it can expose confidential business records, leading to severe civil penalties, Disabato said, even if the exposure was unintentional.

Disabato's advice for information security and IT departments is that they focus on a balanced approach between security and cost-effectiveness. He recommends that every company conduct a risk analysis for all information that will travel over mobile connections. All sensitive information should either be encrypted or transmitted using encrypted-tunnel VPNs.


Aside from encrypting data and being responsible with their mobile devices, users must also learn to communicate with IT and security staff, and vice versa. Disabato said that policies must remain consistent; what is unacceptable for security on the road must remain unacceptable in the office.

Additionally, IT departments need to ensure that virus scanners, security updates, encryption software, spyware prevention and other security measures remain unobtrusive and part of the user's daily life.

"If it's too complicated for someone in the security industry, it's going to be impossible for an accountant," Disabato said.

