Computers and mobile devices using wireless networks are posing increasing threats to their organizations’ computer systems, although there are ways IT managers can reduce risk, according to analysts.
IT managers do not have much control over end points, and even the devices used on those end points may be employees’ home computers, says Jay Heiser, research vice-president with Gartner Inc. Those employees are also demanding more services and flexibility for an ever wider array of devices, increasing demand on IT departments, he says.
“IT doesn’t want to be nursemaiding a bunch of users on laptops,” says Heiser. “The risks seem to be expanding faster than our ability to deal with them.”
Several methods can be employed to reduce the risk of users on questionable end points, says Heiser. Patching, protecting portals and gateways, as well as an awareness of an organization’s system architecture are key.
Authenticating with user names and passwords isn’t reliable, since sniffer programs can pick up new ones no matter how long the passwords are or how frequently they expire, says Heiser. If a user can’t be authenticated on a system, then “you might as well live with the worms,” he says.
Limiting the software on end point machines helps reduce the complexity, says Heiser. “Only allow what is absolutely necessary to get the job done.”
Also, the tighter the configurations are, the lower the chance for a security failure.
It’s expected that as mobile phones and personal digital assistants become more complex, they are more likely to suffer the same ailments, although now it is expensive to encrypt them. “Tomorrow, we expect to see worms on mobile phones,” says Heiser.
Encryption can help guard against data loss, but that data should also be backed up, he says. The trend is moving toward automated back-up in clear text.
Other options for more secure end points entail pushing lightweight code to the end points, treating those machines as just terminals.
Programs can run ActiveX or Java, but would be shielded from the host system, ideally isolated from it, says Heiser.
A universal configuration management system — one that ensures every machine is up to date rather than a sporadic “vitamin” approach — will help ensure integrity, he says. All it takes is “one bad apple to ruin the barrel,” says Heiser.