Thursday, November 10, 2005

Loss, theft still No. 1 threat to mobile data writes a feature article finds "when it comes to security threats against data on mobile devices, malware, viruses and worms still don't hold a candle to loss and theft."

Tim Scannell at Shoreline Research noted "many companies have taken the attitude that devices will inevitably go missing and are willing to absorb the cost. However, companies are not as forgiving when those devices contain data that should be protected." He said, "It's a significant danger. And it's going to be even more of a danger going forward as mobile devices become more capable."

Scannell added, "A lot of these devices are being lost, and there are safeguards like identification, passwords and authentication, but if you're already logged in, there's not a lot you can do."

Some companies "are now putting restrictions on how much data and what types of data users can store on their devices. In some cases, once that information is used, it is wiped from the device." Scannell commented that "The big danger here is when [someone uses] the device as a key to get back into the server for some reason."

Kathryn Weldon at Current Analysis thought "implementing end-to-end solutions that secure the network and devices at three different levels" was critical:

  1. companies need to secure corporate servers and the perimeter with firewalls, and antispam and antivirus protection
  2. businesses must ensure their carrier or any middleware is secure with end-to-end encryption.
  3. the device itself should be updated with additional encryption, authentication and some form of network policy management.
That's where several enterprises fall short because they use just one or two of the three options, Weldon said. She said most companies also must set corporate policies to determine who can log onto the network, what information they can access and what security updates are necessary so they don't infect the network.

Weldon said,"To think you're protected at the corporate site with just firewalls and antivirus is naÏve. The IT department is actually starting to take this stuff seriously. They're asking whether you protect at the perimeter or protect at the device. You need to do it at both ends."

"There are companies out there saying, 'Why don't we just encrypt everything,'" she added.

One stumbling block "is the fragmentation between carriers, vendors and resellers on which level they protect." Weldon noted that "trying to tie all three into one bundle is frustrating, costly and time consuming for IT professionals." Weldon said, "From an enterprise perspective, why do you have to go to three people or more to protect from end-to-end? There's got to be more integration in this market."

The market is in its infancy with systems integrators starting to enter. Weldon opined, "They're not going to re-invent the wheel, but carriers are partnering with third parties to integrate at all the enterprise levels. It's surprising that some of the bigger vendors haven't taken this market over."