Handheld risks prompt push for usage policies

Jaikumar Vijayan   Today’s Top Stories    or  Other Hardware Stories  

HP's Virtualization: HP's Remote Client Solutions Webinar 3 Building Blocks for a Profitable Green IT Strategy Top 10 Reasons to Go Green in IT Hospitality ISP chooses HP Thin Clients for high reliability low cost, security and IT management Sign up to receive Security Resource Alerts

February 21, 2005 (Computerworld) -- SAN FRANCISCO -- The increasing security risk posed by handheld devices is creating a need for formal policies governing their use in corporate settings, according to IT managers and analysts who attended the RSA Conference 2005 here last week.

They added that a failure to pay attention to the threat posed by handhelds, many of which are personally owned by end users, leaves companies vulnerable to data losses and privacy breaches.

"Companies need to bite the bullet and address this problem now," said David Melnick, a security consultant at Deloitte & Touche LLP in New York. Driving much of the concern is the proliferating use of handheld devices for accessing corporate e-mail, storing sensitive data and running applications such as sales force automation and inventory management tools, Melnick said.

In a report issued two weeks ago, IBM's Global Security Intelligence Services team described mobile devices such as smart phones as "the next frontier for viruses, spam and other potential security threats."

IBM's Global Business Security Index Report, which offers a quarterly analysis of worldwide IT security trends, cited a growing number of viruses that target handhelds, including a recent one called Cabir. "It is likely that such worms will be used by copycats and may spur an epidemic of viruses aimed at mobile devices," the IBM report said.

Chuck Gilpin, a St. Louis-based network architect at The Boeing Co., said that such concerns have prompted the aircraft maker to require handheld and mobile users to use a virtual private network (VPN) to gain access to its corporate network. Boeing also mandates that users encrypt all sensitive corporate data stored on their handhelds, he said.

But implementing such measures has been a challenge, Gilpin added. The relative lack of client software for enabling protected access from handheld devices has made it hard for users to log in via Boeing's VPN, he said.

Similarly, it's hard to apply a consistent approach to securing the devices because they're made by many different manufacturers and come with various operating systems, he said.

Handheld-related security issues need to be made part of broader security planning processes for wireless LANs, said Djino Blanchette, director of telecommunications and IT at Ogilvy Renault, a Montreal-based law firm.

For now, Ogilvy Renault hasn't implemented any security measures for handheld devices, Blanchette said. Instead, the firm is focusing on deploying an intrusion-detection system to secure wireless access for lawyers using laptops. "Ultimately, though, it is all going to be part of the same problem," he said.

A good place to begin securing handhelds is to understand how they get into the enterprise, what kind of information is stored on them and how they're used to access corporate networks, Melnick said. Eventually, companies will need plans that provide auditing, monitoring and policy enforcement capabilities, he added. "This is a new, unbudgeted area of responsibility for IT," Melnick said.

Security Considerations RISK IDENTIFICATION: Who uses handhelds within your company? Were the devices deployed as part of corporate rollouts or bought by end users? RISK ANALYSIS: What kinds of information are stored on handhelds, and how much of it is proprietary? USAGE MONITORING: What policies are needed to control the use of both personal devices and company-owned handhelds? Source: Deloitte & Touche LLP, New York

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Handheld risks prompt push for usage policies Sidebar: Symantec Continues Effort to Sell Veritas Deal

"It's IT Blogwatch: in which Research In Motion unveils its sexy new device -- the BlackBerry Bold (n��e 9000). Not..." Read more... "Worried about the explosive growth of Linux on inexpensive, ultra-portable PCs like the Asus Eee PC, Microsoft has launched a..." Read more... Read more Hardware posts or See all Blogs

Analysis: Why Hewlett-Packard wants EDS Hackers hijack a half-million sites in latest attack HP in talks to buy EDS for up to $13B More top stories...

Microsoft faults OEMs for some XP SP3 endless reboots Mozilla slates Firefox 3.0 RC1 for late May IPhone out of stock 'companywide,' say Apple sales reps

Your help desk career: Dead end or launching pad? A role on an IT help desk is what you make of it, tech pros say — just don't get too comfy. The darker side of Webmail Web-based e-mail may be exposing you to privacy and security dangers you didn't sign up for. Performance showdown: Flash drives versus hard disk drives Ever been tempted to replace the mechanical hard drive in your laptop with a shiny new solid-state disk? Our expert did so, and here's what he found. Xerox touts erasable paper, smart documents PARC showed erasable paper and other technologies that adds intelligence to documents with raw text. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

Computerworld Report: Virtual Reality Download this Computerworld Report, free for a limited time, compliments of HP. (Source: Computerworld) The data center is real, but storage is turning virtual at many organizations that need to manage exploding storage needs. Learn how virtualizing your enterprise will save you money in this Computerworld Report, a $49.95 value, available free for a limited time, compliments of HP. Download this executive briefing  Virtualization Everywhere Download this white paper, free, compliments of Citrix. (Source: Citrix) Adoption of virtualization is concentrated among large enterprises, while adoption by mid-sized companies has been much slower. For these companies, the cost and complexity of server virtualization solutions has been a barrier. In this paper, we'll discuss how Citrix XenServer" provides simple, economical server virtualization for any size company. Download now! Download this white paper  Long Tail Supplier Collaboration - What's In It For You? Long Tail Supplier Collaboration - What's In It For You? Download this webcast, free, compliments of Sterling Commerce Go to the webcast  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. New Fujitsu High-End Itanium Windows- and Linux-Based PRIMEQUEST Servers Offer the Utmost in High Availability New Fujitsu High-End Itanium-Based PRIMEQUEST Servers Offer Industry-Leading System Management for Linux and Windows Symantec State of the Data Center Report 2007 View more whitepapers

• Handheld risks prompt push for usage policies
• Sidebar: Symantec Continues Effort to Sell Veritas Deal

• Analysis: Why Hewlett-Packard wants EDS
• Hackers hijack a half-million sites in latest attack
• HP in talks to buy EDS for up to $13B
• More top stories 

The Impact of Messaging and Web Threats Messaging, internal and Web-based threats are increasing in number and severity. The risks to organizations large and small are real problems that users and their employers face if they do not establish adequate defenses against this growing variety of threats. Read this Osterman Research paper to learn how organizations must implement a layered defensive strategy to protect against all types of threats and how Sunbelt Software can help. Download this white paper now



Get Into Gear! Check out our new personal technology section -- TechGear -- for the latest on those cool gadgets that you just gotta have! Host Mike Elgan provides hands-on reviews and analysis of the stuff that makes IT fun. Head to TechGear



Detect, identify, and locate RF interference in 802.11 WLANs. AnalyzeAir software provides IT network professionals with the vision they need into the hidden world of RF, providing them with the ability to see the spectrum in a visible and intelligible format. AnalyzeAir software lets you see, monitor, analyze, and manage all the RF sources and wireless devices that influence your Wi-Fi network's performance and security, even if those devices are unauthorized or transient. AnalyzeAir Trial Software v3.1 highlights the features found in AnalyzeAir Software using a set of saved spectrum files. Replay the data and experience the visibility that AnalyzeAir Wi-Fi Spectrum Analyzer provides. Note: The trial software is limited to a player version only. It does not communicate with an AnalyzeAir PC card so it does not collect actual spectrum data. Register for this trial now.