Get a grip on handheld security

I consider this column to be a democratic forum. By that, I try to make sure everyone — or issue — gets a turn on the hot seat.

For example, in the past, I’ve taken pot shots at personal-area networks and users’ crow-like fascination with new, shiny techno gadgets, focusing specifically

on ways handheld devices can drive their owners batty. Like many writers in this field, I have to admit I like the toys, but frankly, I still haven’t heard a compelling argument to fork over hundreds of dollars to replace pen and paper, not to mention tighten the technology noose around my life.

Now, it’s time to consider the poor IT manager who gets stuck trying to manage an army of personal digital assistants (PDAs), mobile phones and Dick Tracy watches in the enterprise. It isn’t a pretty picture.

Of course, I’m not alone on this one. According to a recent IDC poll of more than 1,100 corporate reps, about a third of respondents said they were “”very concerned”” about handheld and mobile security issues — and so they should be.

They may be the latest digital darlings, but PDAs and their ilk are a potential menace for organizations that don’t treat them seriously.

Let’s consider the (thankfully) brief history of wireless attacks.

In June 2000, Spanish mobile users faced an outbreak of spam, courtesy of Timofonica, a relative of the I Love You virus that plagued countless PC users. A year later (to the month), Japan behemoth DoCoMo warned its 24 million wireless subscribers about a nasty bit of code sent via e-mail that could make users’ phones go haywire or simply crash.

In the fall of 2000, the first Palm-oriented virus, Phage, was identified. So far no cases “”in the wild”” have been reported, according to F-Secure, the security company that “”discovered”” the code, but the stage is certainly set for worse things to come.

So what’s being done? Well, vendors have certainly started making the right noises about beefing up security for mobile technology. Symantec, F-Secure and Trend Micro (with its wireless PC-cillin offering) have all released products, while Handspring co-founder Jeff Hawkins mused aloud last November about the potentially lucrative market for handheld security.

I guess that’s the good news: the evolution of anti-virus software and tentative future directions for technology developers. But that’s not much solace to IT staff already buried under the slough of alerts, patches and hoaxes that are making their way through the world.

At the risk of contradicting my last missive on the joys of goofing around with company technology (albeit safely), I see a strong need to control and manage the use of mobile devices in the enterprise. Reports surfaced in January concerning the development of “”rogue”” wireless networks within organizations. Cisco employees, for instance, began building a wireless network with 802.11 gear before the company did.

Some managers may feel the need to roll out wireless connectivity lest their coworkers do it on their own, but that’s hardly strategic planning.

Gartner Group analysts may argue that wireless local-area networks (LANs) are “”safe enough,”” thanks to authentication and protocol standardization outlined in a February report, but I think we need a much more open and frank discussion before we lapse into an-all-too-familiar sense of security.

The sky may not be falling, but that’s certainly no reason not to look up every now and then, just to be sure.

jsaunders@sympatico.ca

Share on LinkedIn Share with Google+