Tackling threats

Security concerns are the biggest worry for companies seeking to turn their business into mobile enterprise

  • E-Mail
By  Chris Whyatt Published  May 28, 2006

|~|securitybody.jpg|~|Mobile technology has made the wireless office a reality — and also made mobile workers vulnerable to new threats.|~|Ask vendors to name the key feature of their enterprise mobility offerings and they will come up with a swift response: security. Ask any business to name the most pressing concern about becoming a mobile enterprise and the answer will be the same, only quicker: security. As handheld mobile solutions come to the attention of businesses, IT managers and CIOs are paying particularly close attention to security issues. And as wireless technology becomes more sophisticated and widespread, it becomes the subject of attacks by hackers. According to a recent report by Internet Security Systems (ISS), a number of companies lack the necessary security me- asures to protect their wireless technology. “Wireless technology creates a competitive advantage and is an integral part of an enterprise’s network,” the X-Force Threat Insight Quarterly report states. “The challenge comes when attempting to seamlessly integ- rate a wireless network into the existing infrastructure while also trying to address security,” it adds. Jim Morrison, CEO and founder of i-mate, points to the amo- unt of information that is now held on mobile devices as prime bait for illegal activity. “Anyone running e-mails has confidential information coming in,” he says. “The chances are they will have attached documents on their devices. With laptops, which are secured in a great way by corporates with lockdown, people call it the ‘iron curtain’ — because IT managers say this is what you can and cannot do with it,” he adds. Morrison claims the firm’s i-mate Suite is the first to introduce the capability on mobile devices, though he admits this is a complicated business. “The suite makes sure that nobody else can get access to your Excel spreadsheet, for example, and that you can’t load in other applications that make up viruses or worms — or a whole bunch of other security features that go back into the enterprise,” he claims. “We are talking to lots of corporates in the Middle East who want security, both on each device and also on devices within their network. They want to take more control because when it started they had one or two, now they have hundreds,” he adds. Microsoft’s agreement this month to buy Whale Communications, a vendor of firewalls and other security technologies which specialises in Windows-based security systems, indicates the emerging concern over threats within the industry. Whale Communications has expertise in security for secure sockets layer (SSL) virtual private networks (VPNs) that enable mobile workers to access enterprise networks over the internet, and analysts have said the acquisition validates SSL VPN as the de facto standard for securing remote access. The Middle East currently lacks a comprehensive broadband infrastructure. However, the region is embarking on expa- nding networks and increasing accessibility. Samir Al Schamma, general manager GCC for Intel, singles out WiMax as being ‘very important for mobility in general’ in the region, citing only Dubai as an exception to the Middle East rule. “Not that many people have access to broadband. Digital subscriber lines (DSL) lines are not that prevalent because of this lack of infrastructure,” he says. “The only way to get everybody onto broadband is to move to WiMax,” he claims, and points to Intel’s Riyadh office actively using this technology. “Previously we were struggling with very slow DSL lines. So it’s crucial for enterprise mobility today,” he adds. However connectivity is just one of the factors that enterprises should be examining.||**||Mobile measures|~||~||~|When you look at mobility today, most people just talk about notebooks, battery and internet connectivity… which is what we were pitching two or three years ago,” Al Schamma stresses. “Enterprises now need to look beyond this, clearly addressing security, manageability and active management technology. A lot of stuff they can do online. On our Duo platform we have a lot of technologies, such as day-to-day operating systems, where they can put in different patches and manage it virtually,” he says. The ISS report also draws attention to WiPhishing, where an attacker sets up a wireless-enabled laptop or access point using a service set identifier (SSID) — a network name used for an existing network. This is used to attempt to trick users into thinking they are connecting to a legitimate network or hotspot, and once a connection is made the hacker can intercept the victim’s traffic to obtain and record personal and corporate data. Vendors, while acknowledging this as a serious concern, are looking at physical security solutions. Toshiba has introduced a number of security solutions on its notebooks including fingerprint reader identification — which uses a biometric sensor to give user the password so they can log on to the system — and anti-theft protection. It also uses a clustered platform model: a separate chip that sits on the motherboard on which all the password information is stored. Another feature allows a set of passwords to trigger a timeframe set for the password to come up. Without the genuine user’s input, the system shuts down. Device locking is another solution for today’s notebooks and laptop PCs. Users can lock all the I/O (input/ output) ports, just like locking your doors and windows at home. It also has the ability to lock a device if it is lost or stolen. “Nobody can get in,” claims Santosh Varghese, regional sales and marketing manager, Toshiba. “These technologies are definitely required for day-to-day mobility,” he adds. Recent research from US analyst firm Light Reading has found that smartphones and other high-end wireless devices used within an enterprise may pose significant security risks for IT departments that do not take adequate measures to protect network resources. The report identifies the potential entry points of malware programs, as does the ISS report, including viruses that target the operating systems driving mobile devices, such as Research In Motion’s BlackBerry. Most alarming of all, both ISS and Light Reading claim that some malware can infect a handset and jump to a PC during syncing, extending the security risk to all enterprise IT resources. “The rapid uptake of advanced wireless devices by the enterprise workforce is making malware a more serious threat to telecoms and IT resources,” said Tim Kridel, research analyst and author of the report. “Today’s mobile operating systems, such as Symbian and Windows Mobile, are used by dozens of vendors across dozens of models. This makes it possible to write a single piece of malware that targets a pool of potential victims numbering in the hundreds of thousands, or even millions,” he adds. The report concludes that while most mobile viruses cause minimal damage to handsets and their stored data, the costs of lost user productivity and increased IT support can be significant. “When people ask me where my office is, I say it is all around me,” Intel’s Samir Al Schamma claims. And this, as businesses morph into mobile enterprises, could be the biggest security scenario of all. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code