Focus on these four areas when securing mobile devices
Published: 06 Aug 2003 10:25 BST
Operating system security
The news here is both good and bad. The good news is that because the operating system on these devices is typically stored on a chip, it is not easily compromised by viruses. But any application you develop could certainly open the device to potential abuse. And there are not, as yet, any widely available antivirus solutions for Palm Pilots, Pocket PCs, and programmable mobile phones. This area deserves continual attention from whoever is responsible for OS security on mobile devices.
Authentication and authorisation security
This is arguably the most important aspect of your security strategy. No data should ever reach the handheld unless the person who will use it holds the appropriate corporate system permissions. Because most of the current crop of mobile devices lacks support for proper corporate systems authentication, many system designers fall back to simpler mechanisms, such as shared credentials authenticated over a clear-text channel using basic authentication on a Web server.
Never compromise
Wherever possible, look for solutions that support your existing internal standards; don't compromise your internal systems just so the mobile clients "fit in." If you're a Microsoft Active Directory shop, use devices that allow NTLM authentication and authorisation protocols. If you're a mixed shop or a UNIX shop, require that devices use Kerberos and can retrieve directory information from an LDAP directory. If the data is valuable enough to give to the user when he or she is inside the building, the same authentication and authorisation standards should apply when the user wants to take the data out of the building or use the mobile client to update corporate data remotely.
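As an added illustration of the two points above (it is not code from the original article), the audit below runs over a constructed access log of mobile-client requests and flags exactly the fallback the article warns against: Basic authentication on a clear-text channel, the same Basic account used from several devices (a shared credential), and unauthenticated requests, while a Negotiate (Kerberos/NTLM) exchange passes. The log format, host names and credentials are all assumptions made up for the example.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample access log, one line per mobile-client request:
# "<client> <url> <Authorization header value, or '-' if none>".
BASIC_TOKEN = base64.b64encode(b"sales:Summer2003").decode()
SAMPLE_LOG = f"""\
pda-017 http://intranet.example.com/sync/contacts Basic {BASIC_TOKEN}
pda-042 https://intranet.example.com/sync/contacts Basic {BASIC_TOKEN}
pda-099 https://intranet.example.com/sync/contacts Negotiate YIIBtwYGKwYBBQUCoIIBqzCCAa
phone-3 http://intranet.example.com/sync/calendar -
"""

def classify(line):
    """Return (client, basic_account_or_None, finding_or_None) for one log line."""
    client, url, header = line.split(maxsplit=2)
    if header == "-":
        return client, None, "UNAUTHENTICATED"
    method, _, token = header.partition(" ")
    if method == "Negotiate":
        # Kerberos (or NTLM) ticket exchange: the password never crosses the wire.
        return client, None, None
    if method == "Basic":
        # Basic ships the credential itself, merely base64-encoded, so on a
        # clear-text channel anyone on the path can read it.
        account = base64.b64decode(token).decode().split(":", 1)[0]
        tls = urlsplit(url).scheme == "https"
        return client, account, None if tls else "BASIC_OVER_CLEAR_TEXT"
    return client, None, f"UNKNOWN_SCHEME:{method}"

def audit(log_text):
    """Map each client to its list of findings, including shared Basic credentials."""
    findings, users_of = {}, {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, account, finding = classify(line)
        findings.setdefault(client, [])
        if finding:
            findings[client].append(finding)
        if account:
            users_of.setdefault(account, set()).add(client)
    # The same Basic account seen from several devices is a shared credential:
    # it cannot be tied to one person or revoked for one lost device.
    for account, clients in users_of.items():
        if len(clients) > 1:
            for client in clients:
                findings[client].append(f"SHARED_CREDENTIAL:{account}")
    return findings

if __name__ == "__main__":
    for client, issues in sorted(audit(SAMPLE_LOG).items()):
        print(client, issues or ["ok"])
```

Only the account name is decoded and reported, so the output tells you which credential to rotate and which devices to move to the corporate mechanism without copying passwords into a report.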