ABC: An Introduction to Mobile Security

PAGE 2

ABCs of Mobile Security (Page 2)

What security do mobile devices need?

Some mobile devices—particularly laptops—have a clear set of risks, since they are portable computers that can store valuable data and include applications that access your network and enterprise resources. A stolen laptop can be a treasure trove of critical data as well as an easy conduit into your enterprise’s systems. But other devices—PDAs, smart phones, iPods and USB “thumb drives,” for example—that seem innocuous can also expose your company’s data or provide outsiders access to your systems if not properly secured.

Some of these security threats are handled at the network level—such as requiring the use of authentication and VPNs for remote access into corporate systems—for PCs, laptops and handhelds alike. Some of these security threats are part of your client management tools, such as password policy enforcement and malware detection. But mobile devices typically need extra protection of the data they store, in the form of encryption, so a lost or stolen device can’t become a treasure trove for data thieves. (And most states require that companies report any loss of unencrypted data involving consumers’ private information, a disclosure that is not only costly to execute but even more expensive in terms of lost trust.) In some cases, mobile devices may need extra protection such as the use of hardware-based authentication tokens so a thief can’t access your enterprise network even if he discovers the user’s password.

For the mobile devices I do need, isn’t password protection sufficient?

Enforced password protection is a great first step, so if the devices are lost or stolen, they can’t easily be used. Be sure that all log-in settings require the user to type in a password—if the laptop or PDA logs itself in to your network, you’ll now have a significant breach potential. Be sure that the password is complex enough (at least eight characters, including a mix of numbers and letters) to resist hacking but not so difficult that users tape them to their devices. Also pay attention to how long a device may be idle before a password is required to use it again, suggests Paul Kocher, chief scientist for cryptography at technology consultant Cryptography Research. A long idle time will let someone walk away with a laptop at an airport or café and still have access to its contents, while a very short time-out period will require users to constantly enter their passwords, making them accessible to shoulder-surfers. A good rule of thumb is that two to five minutes of inactivity should trigger a password request.

If the data is particularly sensitive, you may want to use a second form of authorization—such as a smart card reader, fingerprint reader, SecurID token or challenge/response system—so that a thief needs more than a password to access the device. Note that this second-authentication strategy is more plausible on a laptop than on handheld devices such as PDAs, for which there are typically no such hardware tokens available.

But password protection (even when augmented with a second form of authentication) by itself won’t help secure the locally stored data. If a data thief removes the hard drive from a laptop, the data is easily opened from another computer.
Loading...
Mobile MarketSpace
White Papers
The CIO's Guide to Wireless in the Enterprise
 This guide provides a basic overview and worksheet of mobile computing for those who are interested in evaluating a wireless enterprise solution. Read This White Paper »
The CIO's Guide to Mobile Applications
 A primary strength of a wireless application is to ideally offer users a stable connection, regardless of location and enable users to access their information while on the go. Read This White Paper »
The CIO's Guide to Mobile Security: Executive Overview and Checklist
 This document examines six key mobile computing security concerns that an IT department should consider when evaluating a wireless solution. Read This White Paper »
Business Drivers for Mobile Unified Communications
 See results from a recent survey to learn the common barriers of implementation and find out how you can implement mobile unified communications without replacing your existing infrastructure. Read this White Paper »
The Business Value of Mobile Social Networks
 Learn about the evolving technologies in the social networkign market and how the next generation of location-aware handheld devices will change the way business is conducted. Read this White Paper »
Automating Field Technicians with Smartphones
 Find out why a large telecommunications organization chose smartphones over laptops. The result was a cost savings of $1.6 million, improved customer service and more. Read this White Paper »
 
SPONSORED LINKS
 

White Paper: Take your Call Center to the Next Level

Is Your WLAN Helping You Comply with Security Guidelines of the PCI Standard?

White Paper: Improve Employee Efficiency and Reduce Telecom Costs

Dramatically boost network capacity and speed-up to 600 Mbps

Mobility is Growing: Survey Shows Why CIOs are Concerned

Virtualization Benchmark and TCO Analysis-Read Now

White Paper: Scaling Down HPC for Smaller Organizations

White Paper: Never Enough Compute Power?

Microsoft Windows Vista Cost and Benefit Estimator

White Paper: Efficient Desktop Application Management

White Paper: Green Issues for Networking

White Paper: The Roadmap to Data Center Automation

Learn how companies are changing how they reach out to their most profitable customers.

Get help navigating the management challenges of virtualization.

Narrow the gap between virtualization's benefits and the management risks.

Cash in on the promise of virtualization

Complementary BI: The New Approach to Business Intelligence

The ECM Paradox: Extending Local Flexibility to Strengthen Central Control

Customer Insight Yields Sales, Marketing Gains

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

File Integrity Monitoring: Prove compliance and secure your IT environments

Affordable technology-no compromise. HP server solutions

SOA Educational Library at the TIBCO SOA Resource Center

CIO Viewpoints: Migrating to Exchange 2007

White Paper: Enabling Next Generation IP Communications

White Paper: A Cohesive Network Security Approach

Why Your Firewall, VPN, and IEEE Aren't Enough to Protect Your Network

Webcast - "Into the Wild: Managing Laptops Outside the Office"

Unified Communications & Collaboration: Game-Changing Business Results

Server Virtualization Benchmark Results

Learn to Leverage Maximum Computing Power

Windows Vista: Essential Benefits and Deployment Strategies

Best Practices: Safe and Secure Hardware Asset Recovery

White Paper: Migrating to Windows Vista and Microsoft Office 2007 Together

New IDG Survey Results on Data Center Automation

Operational Excellence Is Key to Maximizing IT Investments

The Right and Wrong Master Data Management Strategies to Start Small and Grow Big

Find out how to manage virtualization's risks and reap the rewards.

Conquer the realities of managing virtualization

Remote Infrastructure Management - What Your Peers are Thinking

Learn what it takes to build a holistic digital collaboration platform

Make Hidden Trends, Inter-Relationships and Influences Visible.

Improve delivery of product information to customers.

Renowned Engineering Institution Chooses AMD Processor-Based Servers

Corral, configure and control all your mischievous machinery with a Lantronix device server

Spend less. Get hosted UC. Get cash back. It's easy under a Cypress

Predict the future with HP Insight Power Manager

Log onto Hitachi True Stories, films inspired by the next great achievement

Earn PROFESSIONAL DOCTORATE Part-Time, Online at Syracuse University's iSchool

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords