- Google I/O 2013's Coolest Products and Services
- 10 Star Trek Technologies That are Almost Here
- 19 Generations of Computer Programmers
- 25 Must-Have Technologies for SMBs
Network World - High-profile security breaches may indicate that network executives are using trial and error to sort out the best ways to secure the brave new world of mobile computing.
In May, headlines blared that personal data on 26 million U.S. military personnel and veterans was at risk after a laptop was stolen from the home of a Department of Veteran Affairs employee.
Last month, the Federal Trade Commission contacted 110 people to tell them that two laptops containing their personal data were stolen from a locked vehicle. The group included defendants in current and past FTC cases.
These and a growing number of similar events show that secure mobile computing is a complex business. The physical devices themselves have to be protected, along with the data stored on them, the users and the network connections, especially wireless.
But network professionals walk a tight rope here. If security measures are unnecessarily strict, they're not cost effective for the enterprise. More importantly, users faced with needlessly complex or burdensome measures may ignore or bypass them.
A recent report by InfoTech, a unit of Telecom Intelligence Group, Parsippany, N.J., identified a variety of wireless security challenges:
Mobile client devices can be lost or stolen and then hacked;
Wireless networking creates an “open door” to the corporate net, and wireless data can be intercepted;
All of the elements — device, data, user, network — have to be secured to avoid a weak link;
Doing so adds costs and complexity, and may require changes to applications;
Tackling the complexity of securing mobile users is a work in progress, based on interviews with several network professionals.
Resurgens Orthopaedics, a leading U.S. orthopedic practice based in Atlanta, has more than 300 doctors and clinical staff using either Toshiba tablets or HP iPaq PDAs to gain access to a fully electronic patient medical records over a Cisco wireless LAN.
Initially, in mid-2005, the practice relied on a Cisco security protocol that included the Lightweight Extensible Authentication Protocol (LEAP) for user authentication. But LEAP proved cumbersome to IT staff and users. Physicians had to remember at least two logon combinations, and support staff constantly had to reset access points or user devices, says Vinnie Greaves, Resurgens’ CTO.
Resurgens chose Mobility XE, a mobile VPN from NetMotion Wireless, to create an encrypted tunnel between clients and the Mobility XE server over the WLAN. Because the software employs standard Microsoft Windows logon credentials, users have to remember only their standard Windows username and password combination. A management console gives net administrators graphical and statistical views of server and user status and settings.
Trial and error for mobile security is common practice. “Most organization start with a point solution to correct a specific, or perceived, problem . . . and only then discover [they] hadn’t adequately addressed security and management,’“ says Jack Gold, president of J. Gold Associates, a Northborough, Mass., consulting firm.