This is one in a collection of seven pieces on Burning Security Questions. Read the rest here.
Mobile computing, from laptops to the myriad handheld devices such as smartphones, BlackBerries, iPhones, USB tokens and PDAs, can certainly be regarded as a weak spot in terms of security, says Jonathan Gossels, analyst at consultancy SystemExperts.
While not quite willing to declare it as devastating as Achilles' injury during the Trojan War, many organizations do acknowledge handheld mobile computing as their toughest security challenge.
"IPhones, BlackBerries and Treos do present new problems for us,” says Doug Miller, director of IT at Armanino McKenna LLP, a San Francisco certified public accounting firm.
While the firm bolsters security on about 200 laptops with products such as PointSec, DeviceLock and TruCrypt that enforce data encryption, prevent burning of CDs, or restrict use to only specifically-controlled Flexar memory sticks, the case for security is not so simple with smartphones.
The smartphones are owned by employees who use them for both personal and business reasons, Miller points out.
"It's their phone, and the problem is it's a good tool for our employees," Miller says. While there are remote wipe and password-protection features that are enforced across the board, the same level of security software on the laptops just doesn't seem to be available for smartphones yet, Miller says.
Brian Hughes, vice president and PC manager at First National Bank in Pennsylvania also has concerns about the modern versions of computer-based phones, particularly those with cameras.
"For the safety and soundness of the network, we have no wireless anywhere in the bank network and it's discouraged for you to bring in any kind of device," Hughes says. There's also a "no camera phones" policy in the bank, but Hughes acknowledges it's based on the honor system and there's "no technical means of enforcement."
The reality is there's a reliance on "peer pressure" and the expectation that violations of policy about handheld devices would be reported, Hughes says.
But Gartner analyst John Pescatore is of the opinion that when it comes to PDAs and smartphones, "the threat here is way over-hyped."
But there is the prospect that employees should be able to do "productive business work from any computer anywhere," he says, and in that sense, there is "definitely a major gap in enterprise security strategies. Enterprises need to evolve the ability to inject security in between mobile users and critical business data," an area where he says cloud-based security services are expected to play a major role in the future.