04-08-2006, 12:00 AM
Thinker
Join Date: Jun 2003
Posts: 349
PC World: Security Fears Hamper Mobile Devices
"Around 60 percent of businesses are shying away from deploying mobile devices primarily due to security concerns, a new survey says. Expense and complexity also hampered moves toward mobile computing, according to the survey, conducted by the Economist Intelligence Unit and commissioned by security vendor Symantec. Executives at 240 organizations worldwide were interviewed..."
This is an interesting article that explains the stance or dilemma that many corporations have regarding mobile devices in the workplace. I have seen firsthand that corporate users have either bought their own device and got their IT department to install the software, never used any means of password-protecting or encrypting the device, or lost their mobile devices much more often than they have lost their laptops. Viruses are still relatively new, but can't be discounted. Data is still data, and as they say, the chain is as strong as its weakest link. What's your company's view on the use of mobile devices in the workplace? Are you using any enterprise tools for mobile devices to secure your company data?
04-08-2006, 12:29 AM
Intellectual
Join Date: Aug 2006
Posts: 177
My employer only supports "older" Palm PDA devices; I guess they consider the OS & limited storage to present less risk. Even so, they are considered "optional" and officially only Palm phone book entries and personal calendaring may be sync'ed to the internal sources. Email sync'ed to the corporate systems is only supported on Blackberrys because of their built-in encryption, and (again) the limited storage.
I've been informed that the primary obstacle to their supporting Windows Mobile devices is the cost involved in providing support (due to the instability of the OS?), which our management believes is as much or more than that required to support the company-issued laptops (which run a locked OS & application build).
04-08-2006, 05:33 AM
Editor Emeritus
Join Date: Dec 2005
Posts: 214
I work for a large company whose data is very sensitive. Information security is a critical issue for us. We support Blackberries, Palms, and PPC's, though everyone seems to be switching to Blackberries.
If someone wants a device, their manager, a secondary approver, and Information Security must approve this. They have to purchase the device, and pay for the service with their own money. The devices must be password protected at all times.
We employ IBM Lotus Notes for our email system, which works quite well with the BB's (not good enough IMHO; I get way too many calls a week for the devices not syncing properly). We don't support email/address book functionality for the Palms or PPC's.
04-08-2006, 09:28 PM
Thinker
Join Date: Jun 2003
Posts: 455
In my small office, my boss has a Palm, I have a PPC, and no one else is interested in them. I don't know what my boss has on his device, other than contacts, but knowing his IT savvy, I know it's not encrypted in any way.
I have organizer material related to my tasks, and the IT support I give the office, including passwords, and I'm a lot more savvy than my boss, but I admit I don't have mine encrypted, either. Of course, in over a decade of carrying various devices, I've never lost one or had it stolen, and I'm exceedingly careful... but there's always a first time.
On the other hand, I don't work for homeland security... none of the data I carry is going to bring down an administration, or even my company, in the wrong hands. And it's backed up against loss. So I don't consider it a risk to anything other than my own wallet.
I guess it's either the "It won't happen to me" syndrome, or the "It's not worth stealing" opinion that keeps most people like me from bothering to protect the device. Seems like thieves are more intent on snatching iPods than the PPC in my pocket or briefcase... am I wrong?
__________________
Steven Lyle Jordan: Original SF so good, Fox would never put it on the air.
04-09-2006, 05:07 AM
Intellectual
Join Date: Aug 2006
Posts: 172
About 12 months ago, my employer flat out banned any and all PDA's & Smartphones from the workplace. I work for a large 401k/Retirement & Investment services corporation with lots of sensitive personal information. We have just under 20,000 employees, so at the core, I believe it was a smart decision. Too much potential for data loss.
They did turn around and then issue 'executives' Blackberries, because they felt that the centralized remote data wipe option solved most of their concerns.
04-09-2006, 11:37 PM
Thinker
Join Date: Jun 2003
Posts: 455
Ooch! That's kinda rough on the rank & file who use them personally, but I can understand the reasoning behind it. I suppose an employee is always free to decide that their office is a little too stringent for them, and find another job...
Y'know, after thinking about it, I decided the least I can do is password encrypt my PPC. The article left me curious, however: It does not say much about how a PPC can tap into a network. Say, if it is on an ActiveSync Guest connection, and not authorized to a password-protected network, but the PC it is connected to is authorized to get to the network... can the PPC be made to access the network at all? I can't even see the PC files on my home PC when in full sync'd mode... but I know that from my PC, I can see my PPC files. How much control can a PPC exert on a PC?
__________________
Steven Lyle Jordan: Original SF so good, Fox would never put it on the air.
04-10-2006, 01:22 PM
Thinker
Join Date: Dec 2003
Posts: 359
Where I work, everyone loads what they want and syncs what they want. They only use their own personal hardware. On top of that, they even send us to "support" people's PDAs not syncing 1 day before the people leave their positions with the company. Needless to say, I have mentioned security on more than one occasion, but that's not an issue here, I guess, since they all use the same passwords and 20 people share the same logins with no one chastising them. Heck, before I arrived no one was even logging onto a domain, so I guess I am making progress.
Quote: "How much control can a PPC exert on a PC?"
PPC's can map network drives just like any old PC. That in itself can be dangerous for someone wanting to grab loads of data quickly.
I'd say if I had a PPC and 5 minutes on my network I could get just about anything I wanted. And it scares me that the company I work for fails to see this threat.
04-11-2006, 10:21 AM
Pupil
Join Date: Aug 2006
Posts: 27
AS Security
I'm not a developer but more of a script kiddie, but my understanding of the AS partnership is that it does represent a potential weak link in an otherwise secure desktop environment. RAPI, which is used to move files back and forth during an AS session, probably runs in a system account context, but then the same can probably be said for thumb drive syncing as well? I don't believe this includes a default ability to connect using SMB to other hosts like file shares, but obviously, you can do other things like use the PC as a proxy. Anytime you add an uncontrolled vector to your network, you increase the chance of infection, infil/exfil, or just plain snooping. Of course an AS partnership must exist, but once it's set up, you could potentially move anything you wanted between the devices. So the traditional hacker method might be something that targets your PPC outside of your safe firewalled corp net, and then has a PC virus along as payload via the RAPI interface once re-connected/synced... shouldn't be so hard? Maybe a real developer can enlighten us..?
04-12-2006, 11:17 PM
Pupil
Join Date: Aug 2005
Posts: 28
I'm not a full time developer myself, (just something I enjoy doing), but I also work for a very large company where ppc's are used by about 60%. I've seen myself how security can be an issue, and that is what led me to design my own security program!
I call it Pocket Secure. I packed it full of interesting and useful features that will not only protect the personal and business info inside, but it also has color and flair, with a built-in Slideshow, Skinnable interface...etc!
One of the main features added to the recent v3.0 is the ability to "Disable ActiveSync Communications", whether a partnership or guest! With this option, and others, it gives the device virtually 'airtight security'...
By eliminating any way of communicating with the device, as well as rock solid security, I've caught the attention of some small and medium size companies that use pda's. I'm now also working on a deal with a company with 45k+ employees worldwide!
The response I've received is showing me that pda security is more of a rising concern now than in the recent past, and the need is growing daily.... :wink: