m.logistics Magazine | Aug/Sept 2008 | Securing your network

Securing your network

As more businesses mobilise their workforces, it could be time to re-address the issue of security. We hear how two suppliers are tackling this

Zealousness in securing corporate IT networks from hackers is probably deterring some organisations from deploying mobile workforce solutions – which means they may be missing out on the benefits. Yet others seem much less concerned; some that have taken the plunge into mobility solutions could be guilty of adopting an unduly cavalier approach to data and IT network security.

Both these attitudes suggest that a new approach to mobile data and device security is needed, according to two mobility solution specialists, Dexterra and Sybase iAnywhere.

'The IT industry has failed to provide users with the correct tools to automatically authenticate mobile users and devices,' says Benjamin Wesson of Dexterra, 'so development of security solutions has been slow and piecemeal.

'Companies have tended either to cross their fingers that there will be no security breach, or to refuse to sanction use of mobile data solutions at all. Or else they've put in place such strong protective measures that these frustrate mobile workers, and deployments fail.'

The risks

Mobilising workforces brings two key corporate risks: that sensitive data will be intercepted, and that hackers will use mobile devices to gain unauthorised access to the user organisation's internal IT network.

Traditionally, usernames and passwords have been used to authenticate users and devices, but Dexterra and Sybase iAnywhere say this places unnecessary burden on the user.

'Relying on usernames and passwords to restrict network access often fails in the real world because they are susceptible to attacks by hackers who intercept the user's login information and simply replay it to access the networks illegally,' says Dexterra's Wesson.

According to Sybase iAnywhere's annual survey of levels of security in mobile deployments, 80 per cent of companies said they stored sensitive information, including email addresses and passwords, on mobile devices, yet only 26 per cent encrypted the data.

'The amount of data held on mobile devices is increasing, yet levels of encryption have decreased hugely,' reports Mike Oliver, the company's marketing manager for mobile management and security products. 'The data on 74 per cent of devices is still dangerously accessible to the wrong people,' he says.

Wesson points out: 'Managers can be naïve about data security. The mere fact that the data itself is not sensitive doesn't eliminate the need to secure the data.' He adds: 'Hackers use easily accessible platforms to get access to the corporate network.'

Oliver feels users may not be aware that there is a risk in actions such as transferring data via a 3G broadband USB connection stick. Wesson warns that hackers can use near-field communications such as Bluetooth to gain access to corporate networks. 'If Bluetooth is switched on, anything within range can use it to connect to the device.'

Both companies advocate automatic authentication of users and encryption of data. 'Not automating security management is shirking responsibility,' says Oliver. 'IT professionals have to appreciate that even if eight- to ten-digit passwords are acceptable to notebook users, on smartphones they are not practicable.'

On the positive side, Oliver emphasises that IT managers have no need to avoid mobile deployments in their determination to protect sensitive data. 'Every piece of data is sensitive to some extent, but modern mobile platforms allow you to lock the device and apply various levels of encryption to suit the degree of sensitivity. Devices can be programmed to wipe their memory if their users don't log on to the server periodically, for example.'

It's important to find a balance between usability and security, Wesson says. 'Ticking all the boxes to satisfy the IT department is likely to render the device virtually unusable in the field,' he warns. In Sybase iAnywhere's survey, speed of decryption was an issue for 21 per cent of respondents, and 27 per cent complained of the length of time it took to access their device after powering up.

Sybase iAnywhere's Afaria software provides security for mobile devices and is a core component of its Information Anywhere platform, which addresses converging enterprise requirements for mobile email, security, device management and application enablement.

Dexterra has just implemented a solution to authenticate both the user's identity and the device before granting network access, requiring authentication from Verisign's Unified Authentication Service (UAS) (more on this in Software Update, page 39). Unless all three components come together in the proper order, the authentication process cannot be completed.

 
