Securing Mobility

Written by Faiz Askari

July 13, 2009 01:39 IST

Managing mobiles and enterprise mobility is a sensitive policy matter that enterprises have to tackle. The rising popularity of mobility among enterprises is forcing them to get mobile communications under control. For workforce mobility, security is more than a matter of passwords and lost devices. It is actually a matter of secure networks, encryption, authentication and most of all it streamlines business processes. For many entrepreneurs, it means creating an internal culture of responsibility.

To understand the sensitivity of the issue, we need to understand the threats involved in enterprise mobility. These threats are upto the level of business continuity.

Issues that irritate any enterprise network manager in this context is that mobile workers may often use unauthorised wireless connections. By hijacking a neighbour?s wireless network connection or using an unauthorised connection in any public place, the enterprise applications are kept at greater risk. And of course, employees? perception that the mobile that they carry is a personal device often becomes harmful for the corporate network. Accessing and opening emails and attachments from unknown or suspicious sources have resulted in big network disasters in the past.

The concept of anytime, anywhere access of office applications and data also poses a threat giving access to confidential corporate information to any outsider or unauthorised person. Not surprising, that businesses need to think carefully about the policies they have in place to manage mobiles.

Commenting on the adoption trends of mobility, Vineet Narang, CEO of Noida-based MobiQuest explains the situation by pointing out his own experience of being an industry player in the value added services space. ?Last one year or so in the Indian market, every industry vertical, be it banks, logistics, education, healthcare or retail, is eager to adopt enterprise mobility solutions. A mobile phone is much easier to use than traditional handhelds and the workforce is keen to adopt mobile phones as a business productivity gadget,? he says. Moreover, careless attitude among employees is the biggest area of concern for the IT heads. These mobile devices are more prone to proliferation during insecure wireless access at home or in cafes. Many organisation and personal networks have no security protection such as device-specific firewalls, power-on passwords or VPNs.

Mostly, the industry experts feel that transmissions on laptops must be made more secure through the use of mobile VPNs. A mobile VPN allows for data encryption and authentication for each individual mobile user. For BFSI segment, where information security is extremely critical, experts suggest more than just the use of username password. For such environments, authentication applications such as biometrics, fingerprints, and the use of a token key or smartcard, will help create an additional layer to confirm the authenticity of each user.

While Conficker worm took the limelight, a key highlight of the entire conficker episode is that attackers have reached new levels of sophistication in their social engineering techniques, using fear, emotion and security loopholes for harmful purposes.

Spammers tricked users on Facebook, Myspace, Twitter into divulging personal information. Exploiting users? fear of finding scandalous images of themselves online, spammers sent wall posts proclaiming that such pictures have surfaced on Facebook. Also used on Facebook were desperate messages from friends supposedly in a financial bind. Users clicking on the link were taken to what looked like the Facebook login page, but actually it was an impostor site collecting usernames and passwords of unknowing users.

Spammers sent direct Twitter messages to users of blogposts and funny photos related to them. Security loopholes on Twitter like the use of TinyURL to replace long URLs with short ones to fit into Twitter?s 140 character limit meant that users did not know where the link led before they clicked.

Cyberoam vice-president, product management, Abhilash Sonwane says, ?Attackers have confirmed once more that they work on both sides of the equation?user and the platform. They play on the emotions of users while exploiting loopholes on the platform being used. Used in combination, it is an effective way to propagate malware,? he adds.

The biggest challenge ahead of managing enterprise mobility is to tackle the security threats than the mobile workforce?s own outlook towards mobility. Technology is very much available in the market, but it can only play its role in securing the mobile computing. Let?s hope that technology can play its role and computing achieve a secured path of information sharing.

?The writer is consulting journalist, Tech Target

Get Live Share Market updates, Stock Market Quotes, and the latest India News and business news on Financial Express. Download the Financial Express App for the latest finance news. .

This article was first uploaded on July thirteen, twenty nine, at thirty-nine minutes past one in the night.