Are mobile devices opening the network perimeter?

A Burton Group report suggests that enterprise networks -- and the data they safeguard -- may be at risk because of unsecured mobile devices.

Mobile technology can increase workplace productivity, but it can also put enterprise networks at risk.

In a new Burton Group report, "Managing and securing the mobile device," Michael Disabato, vice president and service director for Burton Group, suggests that there are security risks that accompany the migration toward a mobile workforce, and that an enterprise needs to take the proper precautions to protect its network.

In his report, Disabato says that the growing mobile worker community has "shredded" the concept of the fixed network perimeter, as defined by the centrally controlled firewall. Mobile workers now bring the network edge with them as they travel -- thanks to PDAs and laptops.

"Essentially, the network perimeter is now in each mobile device," Disabato said.

PDAs and smart phones, while incapable of executing malicious code written for the desktop, can still be "carriers" of infected documents. Disabato said that these infections were the first indication that all segments of the mobile device market needed protection.

One of the most preventable security compromises to have grown out of mobile devices, according to Disabato, is the simple fact that users misplace their laptops.

"It's user negligence," he said. "One of the things I recommend is to start having employees pay for the equipment they use."

According to Disabato, a lost or stolen laptop is not only a security risk for the company, but it can also lead to a legal battle. Three key pieces of legislation have been enacted to secure the confidentiality of personal, financial and corporate records: the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA). When a device is lost, it can expose confidential business records, leading to severe civil penalties, Disabato said, even if the exposure was unintentional.

Disabato's advice for information security and IT departments is that they focus on a balanced approach between security and cost-effectiveness. He recommends that every company conduct a risk analysis for all information that will travel over mobile connections. All sensitive information should either be encrypted or transmitted using encrypted-tunnel VPNs.

Aside from encrypting data and being responsible with their mobile devices, users must also learn to communicate with IT and security staff, and vice versa. Disabato said that policies must remain consistent; what is unacceptable for security on the road must remain unacceptable in the office.

Additionally, IT departments need to ensure that virus scanners, security updates, encryption software, spyware prevention and other security measures remain unobtrusive and part of the user's daily life.

"If it's too complicated for someone in the security industry, it's going to be impossible for an accountant," Disabato said.
