Aventail's SSL VPN security locks down PDAs
Louis Nel, TechRepublic.com
Published: 03 Jun 2003 10:15 BST
Despite the fact that the use of PDAs poses obvious security risks for companies, little is done to address these security issues. The seriousness of the problem that unprotected PDAs create is evident from a recent survey by PDA security software suppliers Pointsec and Infosecurity Europe.
The survey, which questioned 332 IT professionals, found that many of these professionals who regularly use a PDA for business tasks "admitted to downloading the entire contents of their personal and business lives into their handheld device and leaving the information unencrypted and without password protection," according to a report on the survey by Mobileinfo.
Here are some of the results from the survey that point to the seriousness of security concerns associated with PDAs, along with the details on a new PDA security solution relying on SSL VPN.
The problem with PDAs
According to the survey, things such as passwords, PIN numbers, corporate information, and bank account numbers made it to the top 10 pieces of information stored on PDAs. However, only 22 percent of the respondents polled said their employer had a specific PDA usage policy. Forty-one percent of them said they never changed their passwords, and 65 percent of those who store banking details on their PDAs do not encrypt the data. A whopping 71 percent of those storing customer info admitted to not encrypting that data, and no less than 77 percent synchronised the data on their PDAs with their company PC or laptop. Almost 90 percent used their handhelds as a business diary.
Bear in mind that those surveyed were IT professionals, so it's conceivable that the rest of network users with PDAs would score much worse.
With nearly four out of five respondents using their own PDAs for work, the risks are so obvious that Magnus Ahlberg, managing director of Pointsec, advised organisations to ban the general usage of private PDAs. Industry analysts already predicted some time ago that, by this year, there will be more than one billion "smart devices" connected wirelessly, with more than half of them Web-enabled, according to an article by Daniel M. Lyon for SANS. According to Lyon, studies have shown that PDA devices have a 30 percent loss rate.
Losing a PDA can also have serious legal implications for employers. Graham Hayday, in a Silicon.com article on PDA security risks, pointed out that "companies holding data about customers, suppliers, and employees have certain responsibilities under the data protection act. If this data is held on insecure devices, companies may be liable for prosecution."
Hayday's articles (part one and part two) contain excellent suggestions for making PDA use more secure.
A security solution using SSL VPN
In the light of these security concerns, Aventail's announcement of the first SSL VPN to support full anywhere, anytime application access on a Pocket PC is welcome news.
Previous
Did you find this article useful?
89 out of 182 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
