Loose ends make a dodgy shield

Computers and mobile devices using wireless networks are posing increasing threats to their organizations’ computer systems, although there are ways IT managers can reduce risk, according to analysts.

IT managers do not have much control over end points, and even the devices used on those end points may be employees’ home computers, says Jay Heiser, research vice-president with Gartner Inc. Those employees are also demanding more services and flexibility for an ever wider array of devices, increasing demand on IT departments, he says.

“IT doesn’t want to be nursemaiding a bunch of users on laptops,” says Heiser. “The risks seem to be expanding faster than our ability to deal with them.”

Several methods can be employed to reduce the risk of users on questionable end points, says Heiser. Patching, protecting portals and gateways, and an awareness of an organization’s system architecture are key.

Authenticating with user names and passwords isn’t reliable, since sniffer programs can pick up new passwords no matter how long they are or how frequently they expire, says Heiser. If a user can’t be authenticated on a system, then “you might as well live with the worms,” he says.

Limiting the software on end point machines helps reduce complexity, says Heiser. “Only allow what is absolutely necessary to get the job done.”

Also, the tighter the configurations are, the lower the chance for a security failure.

As mobile phones and personal digital assistants become more complex, they are expected to become more likely to suffer the same ailments, although encrypting them is expensive for now. “Tomorrow, we expect to see worms on mobile phones,” says Heiser.

Encryption can help prevent data loss, but that data should also be backed up, he says. The trend is moving toward automated back-up in clear text.

Other options for more secure end points entail pushing lightweight code to the end points, treating those machines as just terminals.

Programs can run ActiveX or Java, but would be shielded from the host system, ideally isolated from it, says Heiser.

A universal configuration management system — one that ensures every machine is up to date rather than a sporadic “vitamin” approach — will help ensure integrity, he says. All it takes is “one bad apple to ruin the barrel,” says Heiser.
