John Hering, CEO of Lookout, a mobile security firm, recently told Dark Reading that allowing a mobile device access to critical data is “almost a Trojan horse into the enterprise itself.” Powerful words.
We took Hering’s warning to heart and asked several security and enterprise experts: What major security concerns should the enterprise worry about when it comes to mobile devices, mobile terminals & the Windows CE client? Here’s what they had to say.
“One of the biggest risks is user indifference to security. Stats show thousands of mobile devices (smartphones, USB sticks) are left in cabs, airports, etc. [This leaves] corporate and other data on them vulnerable to whoever finds the device. Along with this physical loss (and theft), the end user likely also loads sensitive corporate data on the device (emails, attachments, data files), increasing the overall risk.” – Barry Lewis, Owner, Cerberus ISC Inc
“If the enterprise uses Windows CE clients, they will have thought about the devices and the platform quite thoroughly. This OS is most common in specialized embedded devices, used in Line-Of-Business solutions. Most of the (independent software) vendors in that market will have thought about data encryption, both on the device as well as during communication. The solutions commonly include a device management solution that will encrypt and wipe data on the device remotely when required. Windows Mobile is a whole different story, as those devices are not so specialized and much more consumer oriented.” – Aart Merkelijn, owner of iKnowMobility
“Massachusetts is one of the few states that have laws specifically targeting encryption for data at rest which contains PII (personally identifiable information). The ‘fix’, if you will, is to have addressed data encryption and maintaining logs to prove [a] missing device was encrypted. If you can get that addressed you will be able to sleep better at night.” – Phillip Ogle, Systems Security Engineer
“The biggest threat to security is the human. Technology can be modified through programming or design. Humans must make a conscious effort to adhere to corporate policies and to police themselves. Policies need to address data at rest and in transit on portable devices.” – Larry Williams, Group Benefits Specialist