“Organizations are thinking about the BlackBerry or smartphone as an extension of the computing network, and as a terminal that’s carrying a lot of sensitive enterprise data,” says Scott Totzke, vice president of the global security group at Research in Motion, maker of the BlackBerry handheld device. “They want tools to kill information or lock it down when a handheld is lost, they want to encrypt sensitive data in transit and at rest, and there are growing concerns around compliance.”
Although Totzke denies that security concerns are slowing down enterprise uptake of RIM’s BlackBerry devices, he admits the issue has made his company’s sales process “more complex,” as customers are going to greater lengths to ensure that data on handhelds is adequately protected before they buy. In working with the Pentagon’s IT leaders on mobile device adoption, including an ongoing project to replace 1,200 existing handhelds with new BlackBerries, executives at the consultancy say that security concerns have become a primary focus. In May 2006, the highly publicized theft of a Department of Veterans Affairs laptop containing millions of servicemen’s records led to a series of heated debates on Capitol Hill.
Since then the emphasis on making information security a central part of the hardware procurement process has shifted to the fore, including for handhelds, says Will Alberts, chief executive of FOWGroup. “No one wants to end up on the front page of the newspaper, and everyone recognizes that the additional capability of storing more data on the device opens new risks,” says Alberts, who is also a member of the National Security Administration’s Joint Wireless Working Group.
In addition to the security features that RIM offers, including remote data-wiping tools and integration with two-factor authentication systems, Alberts says that government organizations are interested in utilizing encryption capabilities offered by the device maker and other third-party vendors to defend mobile data more aggressively.
“Mobility is bringing more functionality into enterprises as the devices expand, and there are great productivity gains, but on the flip side the costs of downtime and impact of potential data loss have increased significantly,” says Kara Hayes, senior product marketing manager for the security and mobility connectivity group at Nokia. Hayes says security concerns most commonly voiced by enterprise customers include issues related to lost devices, use of unsanctioned handhelds or mobile applications, and the potential for hackers to hijack the machines’ wireless data transfer systems. “With encryption, companies are figuring out that they need to know who the users really are and what type of functions they are going to use; they understand that they need to have different types of policies and deploy different levels of encryption to the necessary users, and not necessarily everyone,” Hayes says. “If an individual is a hard-core user of e-mail, messaging, or mobile [CRM] tools, they are at higher risk and need this type of protection,” Hayes says.
“The mature IT organizations that bring network security people to the table during the decision-making process are the ones who are doing the best job,” Lobel says. “And people need to have these conversations about the risks and solutions in business terms so that everyone involved understands; it’s hard to tell the CEO no when he wants something, so it’s important to explain things in way that everyone grasps.”
One company, F-Secure, is sourcing its security applications through wireless carriers in an effort to stake a claim in the mobile device space. According to F-Secure officials, bundling security into wireless contracts and allowing operators to offer additional device defense services will prevent enterprises from having to deal directly with a wide array of vendors, thereby securing mobile initiatives in a more cost-effective manner.
Moreover, with security part of the package, end-users will also be more likely to use their smartphones in more interesting ways, says Curtis Cresta, general manager of F-Secure North America. “The critical mass of smart device users is changing perceptions of adoption; much as with laptops, there has been a natural evolution with security, and a growing number of enterprises are now coming to us for advice,” Cresta says. “For instance, there has previously been a bit of resistance to pushing business applications out to handhelds, and applications companies have even come to us looking for help selling their products, but the market appears to be coming around, and having better security available from the carriers is a significant part of that.”
Sprint Nextel, for example, offers Sprint Mobility Management. Available for roughly $8 per user, the portfolio includes compliance, data protection, and anti-virus services for handhelds, along with other nonsecurity capabilities.
In addition to researching device capabilities, carrier services, and aftermarket technologies to help protect mobile devices, analysts advise enterprises to look at advanced handhelds in the same way they have come to view laptops and other technologies from a security perspective.
http://www.infoworld.com/article/07/08/21/34FEmobilesecurity_1.html