Mobile enterprise software raises security risks, questions of demand
Oracle and Nokia’s plan to offer access applications like Oracle Mobile Field Service and Siebel Wireless on E61 and E62 mobile devices is receiving mixed reviews from potential users.
The two companies announced the genereal availability and certification for the joint solutions at Oracle’s OpenWorld conference in San Francisco last month.
Ottawa Oracle User Group vendor coordinator Glenn Cripps, who works for Health Canada (which doesn’t allow their employees to use handheld devices for business purposes), said security will be a big issue. “Someone could squeeze through the wireless connection — there’s such a potential for data to be sniffed out and for someone to force their way in.”
The question on most Oracle users’ minds seems to be, When it comes to the crucial and sometimes sensitive information contained within Oracle applications (with everything from customer information to shipping records), how safe is it for sales professionals, field service personnel, and distribution staff to take or access that information out of the office?
Info-Tech Research Group senior research analyst Carmi Levy said the vector for attack is ever-increasing. “Mobility is such an issue now. Before, it was tangible — servers and PCs existed behind security and locked doors: they were separate from the big bad world,” he said. “As we become more mobile, with BlackBerrys, smart phones, and PDA’s, that kind of security is no longer there. I mean, what if you lose your BlackBerry in the back set of a cab, and it gets into the wrong hands?”
Levy suggested that access-based protections (like dual-function authentication) are imperative, and end-to-end encryption is necessary. These technical failsafes should form the foundation for rigorous employee training from the IT department, said Levy, who feels Nokia and Oracle’s technology is up to par. “The employees need to become experts in mobile security,” he says.
“You can’t just say, ‘Go buy Nokia’s and we’ll connect you,’” said m-trilogix director Craig Read (who is also the president of both the Toronto Wireless User Group and Toronto Oracle Users Group). Read stressed the importance of making sure you need mobile devices in the first place. “You need (a company employee that can be) responsible for the project and make a business case for this, and who can ask, ‘What do you need to do your job properly?’” he said.
IDC’s Sean Ryan, a mobile enterprise devices research analyst, said that companies need to “consider (the devices’) interface, functionality, and security.”
Read added that sussing out screen size, processing power, and software and training requirements is key. Once all this has been nailed down, Read added, accessing Oracle on a handheld could “get rid of the paper and automate all the paper processes.”
Mark Perry, a program coordinator at Southern Alberta’s Institute of Technology and the president of the Calgary Oracle Users Group, suggested installing a feature where five wrong password tries result in the lockdown of the device and the erasing of all its data. That could pave the way for greater use of the technology, he said.
“There’s definitely a huge benefit. If you’re a sales guy and you need to get real-time info to the client, you eliminate the ‘I’ll-get-back-to-you.’”
While Ryan said that the percentage of people who use mobile devices for business is extremely low and Read estimated it at six to 10 per cent of mobile-using professionals, both feel that handhelds are picking up momentum in the marketplace and that companies who have mobile applications have the advantage.
“You gotta be mobile, regardless. While it may pose great [security] risks, it’s a greater risk to fall behind,” Levy said.