Security concerns holding back mobile computing - Symantec

By Matt Whipp

Posted on 4 Apr 2006 at 12:58

Security and storage giant Symantec claims that cyber attack concerns are the biggest turn-off for businesses considering rolling out wireless and remote computing.

Ollie Whitehouse, wireless research scientist at Symantec, said that while many businesses have had a mobile workforce for some time, the devices used have escalated in power and hence risk. What five years ago was just a phone for voice calls is now a powerful computer with the ability to store sensitive financial data and to grant access to corporate networks.

But business security practices haven't kept up: according to a global survey by the Economist Intelligence Unit only 9 per cent have a comprehensive security policy for the use of mobile devices. And 10 per cent have taken no action on mobile security at all.

'Mobile devices arrive by stealth,' said Whitehouse. 'It may be a PDA or phone received as a Christmas present ... and they just start to be used. But businesses shouldn't stifle the use of these devices.

'A mobile workforce that can work anywhere is more likely to do so; businesses gain in increased productivity,' he said. 'Businesses should embrace mobile security.'

'It's prudent for enterprises to gain experience in mobile deployments and security before a serious attack makes it mandatory and time critical,' added Paul Miller, director mobile and wireless solutions.

It seems that laptops are by far the best understood mobile device in terms of security risks: some 80 per cent of respondents claimed to have conducted security assessments for laptops, 42 per cent for PDAs and 25 per cent for phones.

The survey found that some 60 per cent of respondents claim that they are holding back on additional mobile deployments citing security concerns, but the proliferation of mobile devices already owned and used by employees means that that risk is already present.

Whitehouse advises companies to roll out security software on these devices as a first step and ensure staff are aware of policies in place around usage and responsibilities. 'Careless employees are the biggest risk in the mobile environment,' he said. 'Users need to be educated about their corporate responsibilities as well as on issues such as the Data Protection Act.'

He recommended mobile devices be set up with on-device encryption to prevent unauthorised access should a device be lost or stolen. For mobile connections, he said end-point-compliance solutions are vital to ensure that devices attempting to connect to the network are up to date with the latest security and software patches before being granted access. Additionally, VPNs are essential to ensure data sent over these connections is encrypted as it is sent across public networks such as the Internet.