October 26, 2008 9:00 PM PDT
Provide robust, end-to-end security in mobilized software. One particularly troubling security exposure is the accidental loss of a mobile device, which is often full of confidential enterprise data and whose loss can lead to identity theft. Hackers are also a major threat for corporate users. These fears tend to hamper the adoption of mobile devices and to limit the spread of the associated benefits to businesses. A robust security architecture allows devices to work anywhere and anytime within a trusted environment.
Computer users who increasingly use notebook PCs, tablets, PDAs, and cellular smart phones need their business applications to function on the road as well as in their offices. Many browser or client/server-based applications require a persistent network connection. However, the reliable, continuous network connections enjoyed by stationary office workers are not always available to mobile users who often roam between hotspots. Companies are recognizing the potential for mobilized software to increase employee productivity.
Critical to the realization of this potential, however, are applications designed to handle the realities of the mobile computing environment. As wireless infrastructures become a standardized commodity and users increasingly turn to mobile platforms, software developers face rising user dissatisfaction with applications that were not designed to work in a mobile environment.
Think of mobile devices as self-contained networks that need the same types of security measures as enterprise networks: access control, user authentication, data encryption, firewalls, intrusion prevention, and protection from malicious code. Mobile solutions must have security built into the software as a core element, rather than relying on retrofitted security features that are added as an afterthought or in response to security breaches.
There is no single solution for securing mobile devices, but there are preventive measures that will address many mobile-security concerns. Hand-held devices and smart phones are often used precisely where they are most vulnerable: in public places where risks include loss, probing, or downloading of data by unauthorized parties or theft of the device itself. The damage can be personal as well as corporate. Many users store information such as credit card, bank account, and Social Security numbers on notebook PCs and handhelds. All mobile devices must therefore incorporate protective mechanisms that authenticate the identity of users.
The last line of defense, data encryption, is very hard for any but the most experienced hackers to defeat. Its objective is to make decryption economically unrewarding (rather than impossible), so even moderately strong systems are beneficial. The most important consideration is to make sure that the encryption process is automatic and transparent to the user, and that it protects all stored data. Of course, encryption is effective only if authorized people control the decryption key, so there is necessarily a tight connection between encryption and user authentication. The three elements that make up virtual physical-access control are access control, user authentication, and encryption.
Mobile devices are increasingly Internet-connected, and Internet activity exposes mobile devices to all the risks faced by an enterprise network, including penetration and theft of important secrets. With fast processors and large memory, our portable computers carry current and critical data that may lead to financial loss if compromised. Moreover, the problem does not end there. These same devices generally also contain log-on scripts, passwords, and user credentials that pose a threat to the larger company network. In short, a “personal” firewall is an essential security requirement. As “blended” security threats proliferate, the addition of an intrusion-prevention feature to the firewall will become increasingly attractive.
The proliferation of mobile devices has spawned a new generation of viruses that specifically target handhelds and smart phones. Users' increasing dependence on portable devices, coupled with frequent connections to the company network, must be addressed with appropriate antivirus protection.
Security administration becomes a huge issue when an enterprise deploys thousands of mobile devices. Policy enforcement, deployment, updates, help-desk support, key recovery, and system logging are all vital components of an enterprise system that provides provable security to comply with data-privacy regulations and to repel litigation.
Mobile-device-management vendors also provide solutions that help with managing the security issues addressed here. With a device-management solution, organizations can introduce a proactive security-management element, along with a fast security-breach-resolution tool. Mobile-device-management solutions enhance security in three primary ways: automatic enforcement of security policies, automatic update of security patches and security software, and deterrence of theft.
This item is part of a series that is introduced in the item “How to Mobilize Software Applications.”

