Tuesday, August 24, 2004

Excuse me sir, can I see your phone?

Phones like 910 have a great camera, which may compromise security

Now there is a phrase you don't hear from any Dutch security guard. Yet, the threat that mobile devices pose to enterprises is significant, especially as the resolution on the cameras is now approaching 3 megapixels and UMTS roll-out is becoming a reality. Yet a significant majority of organizations haven't deployed systems to manage those devices, at least if a study released this week by Forrester Research is to be believed.

"Unmanaged mobile devices represent one of the most serious and often overlooked security threats to the enterprise," the Forrester report says. "The risk of information loss or theft from laptops, PDAs, phones, converged devices, and tablets is increasing rapidly."

However, a survey of enterprises included in the report found only nine percent had deployed mobile client management tools and only 20 percent either were planning to do so or were piloting such a deployment. While the most-discussed security threat is unsecured communications, another serious threat is loss or theft of devices and the information they carry, the report noted. In fact, many companies budget for a 20 percent or higher loss or failure rate for handheld devices, according to the report. Another potential threat comes from viruses and Trojans.

That won't necessarily be easy. For one thing, the devices are often beyond an enterprise's firewall, making them hard to manage. The report also noted that many mobile operating systems aren't designed to be managed centrally. Plus, a long-standing problem is that users sometimes buy their own devices and store confidential information on them...Sony's Memory Stick now boasts 512 MB in the format that fits their 800/900 series of phones.

In the US, while Silicon Valley I was frequently asked to leave the phone at the front desk because of the camera. I also wonder how many companies pay millions for their firewall, only to have employees access from home using an unsecure Wireless LAN.


Ralph said...

Anyone accessing their company's network via an unsecure wireless LAN is most likely doing so via an encrypted IPSEC tunnel or something similar. The traffic is secured by that encryption. Any company that's not using something like IPSEC for VPN access might as well not have a firewall.

Colby Stuart said...

Or, perhaps they were simply worried about the exploding Nokia batteries symptom...