Personal technology is usually a step or two previous to strong security checks installed place by enterprises. Here's particularly true with mobile devices, of which new devices are emerging almost as quickly as security vulnerabilities exploiting them.“In the present BYOD [bring your individual device] era, the only biggest challenge that enterprises face is protecting critical corporate data on handheld devices,†said Jack E. Gold, principal analyst at J. Gold Associates, an IT consulting firm in Northborough, Mass.
During lunchtime, a standard example scenario is for an enterprise employee to travel to the local store, examine half a dozen tablets, select one, return to work, and begin using the device to access corporate data. These steps are frequently taken without the IT department's knowledge or blessing.
Yet, many corporations' decision makers think that because their respective companies' mobile device security policy doesn't condone such practices, white-collar workers don't store company data on personal devices.
“Whenever audits are conducted, businesses are surprised at what percentage employees use personal handheld devices for work related activities,†noted Phillip Redman, research vp at Stamford, Conn.-based research firm Gartner Inc.
Gartner forecasts that by 2014, 80% of mobile professionals will use a minimum of two personal devices to access corporate systems and information, many preferring their very own smartphones and tablets to those devices provided by the corporate.
As a result, businesses find themselves in a precarious position. Once staff members switch on their smartphones or tablets, they begin using the device like a computer. They access business applications, store company data on thumb drives, and replica and paste information from corporate databases -- and so they accomplish that in a cavalier fashion.
“Employees aren't very keen on securing company data," Gold said. "Instead, they complain when the corporation puts safeguards in place that interfere with how they work.â€
This attitude could cause several problems. Consumer handheld devices often wouldn't have any security software. Consequently, there's no barrier preventing employees from connecting to any collection of virus-laden websites, downloading malware, and spreading it to other systems at the enterprise network. Also, the constant flood of mobile device flaws enable malicious hackers to often easily gain access to a user's handheld through loads of methods and acquire sensitive or proprietary information at the device itself and even elsewhere at the corporate network, corresponding to company billing data, Social Security numbers, customer bank card numbers, or pricing information.
Because these devices are so portable, workers carry them everywhere, and occasionally they lose them. If the user has ignored the organization's mobile device security policy and there's no technology layer, similar to encryption software, to back it up, all a crook has to do is turn the device on, sift in the course of the confidential information, and feature himself a celebration.
In response, enterprises were in search of products within the areas of mobile device management, user authentication and secure gateways to assist monitor handheld devices lower their potential exposure. quite a lot of vendors, including 3LM Inc., BoxTone, Enterproid, Inc., Good Technologies Inc., Numara Software Inc., Research in Motion Ltd., Sybase Inc., Tangoe Inc., VMware Inc., and Zenprise Inc., all offer products that help enterprises manage these new consumer/business devices.
These suppliers have taken some approaches in dividing personal and business information on handheld devices. Some products segregate personal and company data by making a buffered “data lock box†with yet another user interface at the handheld device. In other cases, they sequester the corporate data but offer users a consistent interface between their personal and company information.
The management systems help companies enforce mobile policies. As an example, they could block users from copying and pasting information from a database right into a personal mail system, like Google Inc.'s Gmail.
While beneficial, the goods are more a stopgap to plug holes in today's enterprise mobile device security policy enforcement capabilities versus an extended-term fix.
“To be effective, security functions should be built into mobile operating systems,†noted Gold. Currently, only the Research in Motion BlackBerry platform has such capabilities. Google has begun pushing its Android platform in that direction, but Apple and Microsoft have put other enhancements higher on their priority lists.
As a result, the experts say, enterprises have to recognize that a mobile device security policy alone isn't a viable option, and put security checks in place to enforce that policy, otherwise employees will continue to hold sensitive data out front door on the end of the workday.
About the writer:
Paul Korzeniowski is a contract writer that specialize in technology issues. He's based in Sudbury, Mass., and will be reached at paulkorzen@aol.com.
Nessun commento:
Posta un commento
Comments links could be nofollow free