Today’s next-generation mobile devices enhance mobile workers’ productivity, but they’re also placing unprecedented demands on enterprise security infrastructure. And until stronger security practices become more widespread, enterprise mobile devices will continue to represent a threat to sensitive corporate data.
Next-generation mobile handsets are capable of using different types of wireless networks, and they’re being powered by a growing number of mobile operating systems. According to Scott Schelle, COO of vendor Bluefire Security, Baltimore, this is stretching enterprise security infrastructure to its limits. “You’re asking a system that was designed for one type of user, using one type of network at a time, to suddenly bridge into this multithreat environment,” Schelle said.
One of the most serious threats to enterprise security is that companies don’t have enough protection against unauthorized wireless access points, said Andy Reese, a principal consultant with Dallas-based solution provider Compucom. “If an employee connects something beyond the firewall, it can create major problems,” he said.
Some VARs believe that certain types of devices eventually could be targeted by hackers. “There have been remarkably few viruses on smartphones and PDAs,” said Anthony Meadow, president of Bear River Associates, an Oakland, Calif.-based mobile solution provider. “But I think mobile viruses could become a sort of ‘growth industry,’ as the people who write these things are always looking to cause mischief.”
Reese said that the powerful features and functionality of next-generation handhelds makes them difficult to secure. Responsibility for mitigating the threat of mobile viruses lies with the carriers, he added. “I believe that security should become part of the telcos’ service offering,” Reese said. “For example, they have the ability to scan e-mail for viruses and block them before they even reach the device.”
The current level of user authentication on mobile devices is another area of vulnerability for enterprise security. “Although mobile VPN encryption is capable, what is typically being used is simple password authentication, which is easily broken,” said Stu Vaeth, chief security officer of Toronto-based Diversinet, which develops mobile authentication and security solutions. Strong authentication also could prevent a malicious user from remotely accessing the corporate network and wreaking havoc, he added.