New mobile devices such as mobile phones, laptops and PDAs are a bad fit with existing enterprise security architectures, technologies and processes, according to secure application access specialists, PortWise.
Corporate security techniques, tools and practices have been developed over the last 25 years with fixed, physical devices. However, the growth of mobile devices, fuelled by their wireless connectivity, is opening new loopholes in corporate security, both in terms of architecture and policies. As wireless connectivity matured in 2004, PDAs evolved from unconnected organisers to wireless access for email and other applications. Mobile phones soon followed with email and Internet access. With distributed, mobile workforces working longer hours, there is an ever-increasing need to access a wide range of both front and back office applications.
"Mobile devices pose unique challenges from a security perspective," said Jonathan Martin, Chief Marketing Officer, PortWise. "The problem is that by their very nature, they are not fixed, not commonly managed by the IT organization and can be lost, stolen or are open to abuse. Without being part of a corporate IT policy, but still being able to gain access to an organization's resources, the danger is that in the wrong pair of hands they provide an open access channel into an organisation's applications. There are some general steps organisations can take to address these issues, such as integrating security programs for mobile and wireless systems into the overall security blueprint. However, we believe that security is an architectural decision, not a product decision. You need multiple points of control in order to take any necessary action and you need to have the ability to make separate assessments and decisions. The only way of achieving this is through a software-based approach to security and security architecture."
By adopting a software-based approach to security architecture, companies can create integrated, mature multi-dimensional policy decisions and help mitigate loopholes and administrator error. "Strong two-factor authentication based on both knowledge, such as a user name and password, as well as possession, such as a PDA or mobile phone, should be standard practice for remote users. Using a mobile phone to provide the second factor of authentication provides both operational savings as well as significant capital. With single sign-on technology, authentication occurs once, regardless of the number of applications being accessed," added Martin.
Posted to the site on 16th August 2005