April/May 2007

Fifty-four per cent of all data breaches are the result of the loss or theft of computer devices, according to a new report by Symantec, the supplier of computer security and virus control software.

At the same time another report, produced by the organisation behind the Infosecurity Europe event this April, says that twenty-six per cent of organisations do not enforce a wireless security policy.

This report cites a whole range of security threats, including 'man in the middle', Evil Twin, MAC spoofing, denial of service attacks, rogue access points, honeypot access points, ad hoc networks and mis-configured access points.

While there are many software-based remedies for these vulnerabilities, an alternative strategy is to avoid the problem in the first place. As Neil Thompson, chief executive of mobile applications specialist AppSwing, puts it: 'While encryption is vital, it is not foolproof and it has been proved it can in some instances be cracked.' He adds: 'If no data is held on the mobile device, then if it is lost or stolen, security is not affected.'

 

This, as you might expect, is the approach of AppSwing, which provides mobile access to corporate computing systems. It allows live updating of information by authorised users in the field, but, no data is stored on the mobile device itself; everything remains stored centrally. It's the classic 'thin client' approach.