Wednesday, February 6, 2008

Dual Mode Phones - Considerations

Dual Mode phones are the ones with additional 802.11 (wifi) connection.

Enterprises are adopting smart phone usage by employees to increase productivity. It allows employees to access their emails from anywhere, access internal resources via embedded web browser in smart phones or thick clients installed on phones and collaborate with other employees such as conference calls, meetings.

Enterprises need to consider following and ensure that proper systems are in place for mobile connectivity to their networks.
  • Device/User authentication: Allow the access to Enterprise resources only upon successful authentication by Mobile user.
  • Data security: Data in transit must be secured i.e data must be encrypted. Integrity of the data must be ensured.
  • Security Vault: I guess mobiles can be lost easily compared to laptops and other big size devices. Any confidential data downloaded by mobile user before it was lost must be in encrypted form so that it can't be viewed by others.
  • End Point integrity : As on today, there are not many virus and worm attacks on mobiles. As mobiles use standard and common operating systems, these attacks are not far away. They not only compromise mobiles, they may also infect other systems in Enterprise networks and other mobiles. IT departments must ensure that mobiles are clean of viruses and worms before allowing access to internal networks.
  • Policy Enforcement: Enforce the access controls based on type of user to different resources in internal networks.
  • Network based Virus scanning and Intrusion protection: Scanning of traffic to/from mobiles helps in ensuring security of mobiles and internal resources. Enterprise must ensure to have some kind of UTM to analyze the traffic for worms, exploits, DoS and DDOS Attacks and stop the traffic before these attacks damage mobiles and internal network resources.
  • Mobile Access traffic View: Complete view of traffic from/to mobiles provides Enterprises on traffic patterns. It helps IT department to take further actions such as - Increasing bandwidth, increase productivity by creating new policies etc..
  • Extended Storage : I see this requirement in very near future. The storage on mobiles is limited. With always-On connectivity of these smart phones, Enterprises can allow additional storage on their networks. Enterprises can also demand their employees to store all confidential documents in this additional storage, there by mitigating the risk of losing information when mobiles are stolen or lost.


1 comment:

Anonymous said...

Mobiles unlike laptops have multiple ways of access
a) Bluetooth sync of phones
b) Data access through carrier
c) USB access from desktops

There are multiple chances of corruption/attack with increasing number of access methods.

With use of IPS, firewalls we can only restrict attacks from wifi. How to provide additional security for the other access methods? Looks like we end up providing security like in the desktop!!!