|
Mobile computing devices such as notebook PCs, PDAs and smart phones have become an indispensable part of the modern enterprise. Unfortunately, the very portability that makes these devices attractive greatly increases the risk of exposing confidential data, of allowing network penetration, and of ?importing? infections inside the network. The core problem is that the majority of mobile devices lack the physical and electronic access controls necessary to maintain security in non-secure environments. As a consequence, data stored on mobile devices is much more ?at risk? than transmitted data.
User-controlled authentication and discretionary file encryption cannot provide sufficient or dependable security for enterprises. Only security products that combine enforceable, mandatory access control and automatic encryption provide the foundation for securing mobile devices. But even these mechanisms are not sufficient; in an enterprise setting, a special security infrastructure is required to deploy and maintain the security regime on multiple types of devices regardless of location. Pointsec security products offer the physical and electronic access control features essential for securing mobile devices, and the infrastructure necessary for enterprise usage.
Mobile computing devices have become part of the enterprise information and security infrastructure
Seemingly endless numbers of mobile computing devices are being deployed by organizations as a primary or auxiliary work platform. A wide range of machines including notebook PCs, tablets, handhelds, PDAs and smart-phones are used for production, not just reference, in a growing array of applications. This important trend is driven by pressures to reduce operating costs, improve service, and create greater flexibility.
Less obvious is the fact that mobile devices increasingly contain the most confidential and valuable information found in many organizations; in fact, one study indicates that about two-thirds of ?fresh and critical business data? resides on employee workstations, not on servers. Proprietary company files, passwords, user credentials, and logon scripts are frequently found on mobile computers. Company email stored on portable PCs and Web-enabled cell phones can also contain sensitive information.
Even without special security issues, the sheer number of mobile devices being deployed forces organizations of all sizes to consider the protection of data on mobile devices as an essential part of enterprise security planning. Ultimately this means that mobile device security must be of sufficient strength and sophistication to enforce and support corporate security policy. The crucial test is whether a given piece of data can reside as securely on a mobile device in a public place as it would on a desktop device within the company security perimeter.
The realization that mobile device security is a permanent enterprise security issue leads to the conclusion that it cannot be viewed as an ?add-on? expense any more than door locks can be considered an optional feature of a building. The real issue is not ROI but prudent management of vital corporate resources.
When viewed from the enterprise standpoint, the general requirements of mobile computer security become clear. The security mechanism must: i) Protect confidential data at a specific level of security as defined by company policy ii) Be scalable, easily deployable, and very robust iii) Not inconvenience or deter users or impair machine performance iv) Enable the organization to comply with applicable Federal regulations that mandate information security such as the Health Insurance and Accountability
Act (HIPAA) governing health care organizations, and the Gram-Leach-Bliley Act (GLBA) pertaining to financial institutions v) Protect against legal liabilities arising from claims of negligence in handling personal and private information vi) Enable the organization to retain full control of its data at all times and places
Mobile computing devices present special security challenges
It is increasingly clear that mobile devices present a special challenge to enterprise security. Portable devices are frequently used in public places with many opportunities for unauthorized access, loss, or theft. Studies suggest that up to15% of notebook PCs are lost or stolen each year, and the percentage of lost or stolen PDAs is obviously higher still. To compound the problem, mobile devices are frequently moved from ?inside? the perimeter to ?outside? and back again creating the possibility of inadvertently transporting rogue code such as viruses or Trojan horses inside the security perimeter.
|
