Mobility puts more pressure on secu

As the mobile market continues to heat up, even surpassing that of the desktop, it is important for corporations to maintain a high level of security around these devices.

Companies will have to deal with the many standards that surround mobile security, not to mention the decreasing costs, according to Steve Rampado, a security analyst at professional services firm Deloitte & Touche.

As prices of laptops and personal digital assistants (PDAs) continue to decline, there is not much stopping employees from heading to Future Shop or another retailer and buying a portable computer – thereby foregoing IT completely, Rampado said from his Kitchener, Ont. office.

“This will bypass all efforts to secure devices to a gateway – if people are just bringing them in from outside and plugging them into a boardroom,” Rampado said. “(Mobile devices) are coming out of the box and they are not security-enabled.”

Many laptops geared to home users are making their way into corporations, Rampado said, adding that Deloitte’s message is simple: “Please take precautions.”

Jason Conyard, director of wireless product management at Symantec Corp. in Cupertino, Calif., said the first part of building a secure wireless infrastructure is to make sure you have a secure wired infrastructure.

“Building or adding on wireless capabilities to an infrastructure that is not secure, is not healthy,” Conyard said. He added that mobile devices seem to be outpacing networks, in terms of technical ability. He cited the increased power of the devices, their inherent flexibility and drastically improved memory as three areas where mobile devices outperform network elements.

Toni Rosati, vice-president of marketing for Mississauga, Ont.-based Certicom, a wireless security solutions company, said enterprises want to port desktop applications over to a mobile environment. He noted this is a good thing because people generally use portable computers the same way they used desktops – for e-mail, calendaring and Web browsing.

Rosati said virtual private networks (VPNs) allow enterprises to extend networks over the Internet through secure tunnels.

Doug Cooper, country manager for Intel of Canada, said IT departments should incorporate profiles and access codes for people wanting to sign onto a network via a mobile device. It is also important to have a firewall protecting sensitive internal information from not only intruders, but also from prying employees inside the office.

Conyard suggested using authentication software or even taking advantage of biometric technology embedded into devices, such as fingerprint readers, to keep networks safe, even when mobile devices are attached to them.

The practice of war driving – whereby crackers literally drive around in search of vulnerable wireless networks via a mobile device – remains a prime consideration, according to Conyard and Rampado.

Conyard advised companies to encrypt not only on-device data but also the air connection between the device and the network. He said 802.11b, an air connection, is not inherently secure and requires extra protection to keep the network safe.

Rampado called war driving one of the biggest concerns.

“It is out there. You can go on the Net and there are access-point mapping sites. It’s turning into a hobby for hackers,” he said.

Along with encryption, VPNs and authentication to the networks, fighting an insecure wireless infrastructure takes frequent monitoring and frequent auditing. Rampado said there has been talk of wireless intrusion detection systems, but he hasn’t come across any yet.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now