Heard, and overheard

Mar 19 2010   5:12AM GMT

Mobile endpoint security, where art thou?



Posted by: Anilpatrick
Tags:

I have postponed writing this blog to avoid possible damage to several personal relationships, but it cannot be delayed any further. The last straw that spurred this post’s draft came yesterday, as I tinkered around with a close friend’s cell phone (provided by his employers)—only to find myself face to face with a shoddily written IPL-based game of dubious origin on it.

Yes, it’s Cricket, our country’s breath of life. But does that justify running it on a cell phone which hooks up to your organizational network?

It’s essential to clarify that this particular cell phone was just the latest in a long series of misused employer owned cell phones that I’ve seen. Over the years, I’ve had the chance of perusing contents of official cell phones—many belonging to friends, peers and acquaintances.

Cell phones offer tremendous flaunt value, so it’s easy for others to ask if they can “see” the phone, and get access to tinker around with these mobile devices. Except for certain exceptions, most of these near and dear ones mentioned that their cell phones were secured by their “IT teams”. So just imagine my chagrin when I discover these mobile devices being used by users to run unauthorized applications such as fancy themes, pirated games, and so on in such “secure environments”. Many of these applications are obtained from warez sites or from the shady neighborhood cell phone repair shop.

So much for mobile device security, especially when you consider that a bit of social engineering may easily provide an outsider with access to tons of corporate data!

Consider this: your typical cell phone user holds in his hand a device which has roughly the specs of a full-fledged PC that you used in early 2000. In terms of storage capabilities, they offer many multiples of storage capabilities available during the last decade. As is obvious by now, you can kiss goodbye to some of your organizational databases and sensitive emails in the near future (assuming these haven’t moved on to possible buyers). So this may be the right time to wrench back those devices from your DGMs and CXOs—put some compliance in place.

Having said these things, I must point out that certain Indian BPOs and MNCs have done a great job when it comes to locking down their BlackBerry devices. But as the cell phone platforms on offer to users branch out to include OS options like Windows Mobile, iPhone OS and Android, even these organizations will have a tough time.

It’s inevitable that users will ask you for access through mobile platforms of their choice. From your end, it’ll be even more inevitable that you provide access. The task of securing mobile devices will only get tougher with time, so how do you plan to go about it?

Got interesting experiences to share on how your organization secures mobile devices? We’ll happy to hear from you, so do write to apatrick at techtarget dot com.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: