Ensuring the safety of both data and device
Imagine a traveling sales manager sitting in a coffee shop or airport lounge using his PDA to update confidential prospect information just days before he's set to close his biggest, most competitive deal ever. While this seems harmless enough—especially since his Fortune 1000 company gave him the device—he is potentially exposing this closely guarded intellectual property to his competitors, as well as to the garden-variety hacker.
Of course, this doesn't apply to the average PDA user, right? Wrong. You may not store sensitive data on your PDA, but the reality is that the handheld security issue is bigger than just your device. Handhelds usually connect to a network somewhere, somehow. Because they connect with that network behind the firewall, they can be used as entry points into corporate networks, making information theft and hacking a walk in the park. Sound far-fetched? That's what many thought when security companies said laptops would be hit by viruses…
While many companies have chosen to ignore the threats posed by unprotected enterprise handhelds, claiming that they'll "get to it when it's really an issue," countless others wrongly believe that their existing network and wireless security infrastructure already address the challenges that these devices may create.
The unfortunate reality is that any mobile security strategy will ultimately fail if it does not include the installation of security software on the handheld itself. By ignoring the handheld, organizations are leaving a back door to the enterprise wide open and giving hackers and competitors a tempting invitation to use either the device or the Internet to sneak a peek at top-secret information.
For example: When that sales manager takes his PDA on the road and connects to his corporate network through a hotspot at the local coffee shop, the device becomes susceptible to a variety of threats and can be easily compromised—that's strike one. However, an even greater danger exists when he returns the compromised device to its in-office cradle, because the handheld is recognized by the network as a trusted user and is given access to mission-critical information behind the firewall—strike two. Now, not only has our friend the sales manager lost his prospect sheet, but he's given his competitor free access to his company's entire database by circumventing network firewall protection—strike three, and you're out.
To make matters worse, a sophisticated hacker could enter a corporate network through the handheld and use it to plant a snooping program that would stream information back to the hacker undetected for an extended period of time. Scenarios like this make organizations using unsecured mobile devices even more vulnerable to information theft or the copying of proprietary data that could impact a company's market performance—not to mention an individual's job security.
Closing the door
Over the last year, mobile devices have become more popular targets for attack and corporate espionage. Traditional security products, such as laptop firewalls, will not be effective in defending the handheld because those products were not created to address the mobile platform's unique size and design. Using a traditional security tool that has been ported to the mobile platform will likely drain the device's power and sap the user's productivity, thereby eliminating the benefits of mobile devices.
To prevent the loss of confidential data and ensure privacy, organizations that empower employees to use mobile devices should implement device-side security measures to minimize corporate risk and close the back door.
While attacks on mobile devices are not as widely publicized or as common as the viruses and worms that infiltrate network security defenses, they do exist and can be equally dangerous. In fact, while they are functionally rich, the open handheld operating systems are completely insecure, lacking even the most rudimentary security measures such as power-on password enforcement. This makes the devices relatively easy to penetrate.