Mobile technology can increase workplace productivity, but it can also put enterprise networks at risk.
In a new Burton Group report, "Managing and securing the mobile device," Michael Disabato, vice president and service director for Burton Group, suggests that there are security risks that accompany the migration toward a mobile workforce, and that an enterprise needs to take the proper precautions to protect its network.
In his report, Disabato says that the growing mobile worker community has "shredded" the concept of the fixed network perimeter, as defined by the centrally controlled firewall. Mobile workers now bring the network edge with them as they travel -- thanks to PDAs and laptops.
"Essentially, the network perimeter is now in each mobile device," Disabato said.
PDAs and smart phones, while incapable of executing malicious code written for the desktop, can still be "carriers" of infected documents. Disabato said that these infections were the first indication that all segments of the mobile device market needed protection.
One of the most preventable security compromises to arise from mobile devices, according to Disabato, comes from the simple fact that users misplace their laptops.
"It's user negligence," he said. "One of the things I recommend is to start having employees pay for the equipment they use."
According to Disabato, a lost or stolen laptop is not only a security risk for the company, but it can also lead to a legal battle. Three key pieces of legislation have been enacted to secure the confidentiality of personal, financial and corporate records: the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA). When a device is lost, it can expose confidential business records, leading to severe civil penalties, Disabato said, even if the exposure was unintentional.
Disabato's advice for information security and IT departments is that they focus on a balanced approach between security and cost-effectiveness. He recommends that every company conduct a risk analysis for all information that will travel over mobile connections. All sensitive information should either be encrypted or transmitted using encrypted-tunnel VPNs.
Additionally, IT departments need to ensure that virus scanners, security updates, encryption software, spyware prevention and other security measures remain unobtrusive and part of the user's daily life.
"If it's too complicated for someone in the security industry, it's going to be impossible for an accountant," Disabato said.