Security
Using mobile data raises a number of security issues, not just with the technology, but also with the user practices.
Accessing company data from a mobile device encourages different work practices. These have their own inherent risks, such as being overlooked while working on a train (I have done this - reading a competitor's marketing report on their laptop, when they sat next to me on a train to London). Having a laptop or phone stolen after it has been logged onto your secure network will give the thieves access to your data until they are kicked off, or the system times out! Though inconvenient for users, having a short timeout on your GPRS access will help with this.
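The effect of the timeout described above, as an added example that is not part of the original page: a minimal session table for a hypothetical remote-access gateway that logs a device off after a period of inactivity, after a fixed maximum session length, or when an administrator revokes it. The class name, method names and timeout values are assumptions chosen for illustration.

```python
import time


class RemoteSessions:
    """Logged-on mobile sessions at a hypothetical remote-access gateway."""

    def __init__(self, idle_timeout=300, max_lifetime=8 * 3600,
                 clock=time.monotonic):
        self.idle_timeout = idle_timeout  # seconds of inactivity before logoff
        self.max_lifetime = max_lifetime  # hard cap, even for an active session
        self.clock = clock                # injectable so the logic can be tested
        self._sessions = {}               # session id -> [created, last_seen]

    def login(self, sid):
        now = self.clock()
        self._sessions[sid] = [now, now]

    def revoke(self, sid):
        """Administrator 'kicks off' a device reported lost or stolen."""
        self._sessions.pop(sid, None)

    def request(self, sid):
        """Return True and refresh the idle timer if the session is still valid."""
        entry = self._sessions.get(sid)
        if entry is None:
            return False
        now = self.clock()
        created, last_seen = entry
        if now - last_seen > self.idle_timeout or now - created > self.max_lifetime:
            del self._sessions[sid]       # expired: a fresh login is required
            return False
        entry[1] = now                    # activity resets only the idle timer
        return True


if __name__ == "__main__":
    t = [0.0]                             # constructed clock, in seconds
    gw = RemoteSessions(idle_timeout=300, max_lifetime=3600, clock=lambda: t[0])
    gw.login("laptop-1")
    t[0] = 200
    print("still logged on after 200 s:", gw.request("laptop-1"))
    t[0] = 600
    print("still logged on after 400 s idle:", gw.request("laptop-1"))
```

An idle timeout alone only closes a session that is left unused, which is why the example also caps total session length and supports explicit revocation for devices reported lost.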
Overlooking - Using mobile devices in public places will put you at risk of this - always consider who may be watching. It is possible to purchase laptop computers which have a particularly narrow viewing angle, preventing others from seeing the screen.
Loss of access device - Using a flashy phone or PDA in public, especially with an always-on link to your company network, invites theft. If you have Bluetooth you can keep your phone/PDA locked away out of sight, and communicate through a Bluetooth headset.
Loss of device with unsecured copy of data - Make sure all data stored on your laptop or PDA is encrypted with password protection - native Windows 9x security is not good enough - at least use Windows 2000/XP with NTFS - this provides security of the disc file system such that the disc is unreadable without your password (though not impossible to crack). An alternative is not to store any sensitive data on your hard disk - use a secure 'Webmail' service to view emails using your browser and do not store them locally.
Hacking from the Internet - Your GPRS network supplier will provide a network-based firewall to help prevent this, but it cannot be totally secure as it is difficult to differentiate between legitimate users and would-be malicious parties. Always run a personal firewall and virus scanner. Company networks should be accessed using encryption such as SSL or VPN for Internet-based data and WTLS for WAP-based data.
Running of Trojan software - Letting malicious software (albeit unknowingly) onto your machine from either a web site or Email attachment will provide someone access to your data - always run a virus scanner and personal firewall (I recommend ZoneAlarm and use it on all my machines as it provides a good compromise between ease of use and strong security) to help prevent this happening.
There are two key areas of concern:
the security of your mobile device, e.g. laptop or PDA;
the security of the source data, as this will have to travel over the Internet unless you have a direct connection to the GPRS network.
Device Security
Having an 'always-on' Internet connection is a potential security problem. Your GPRS network provider will usually try to help by providing a firewall between the GPRS network and the Internet, but this must be configured to allow valid services to work, and hence may be exploited by third parties to gain access to your machine. If you are using a PC you should utilise at least a virus scanner and firewall. ZoneAlarm is one of the best I have come across; download and try the free version now.
Network Security
Your business network will have a firewall protecting it from unauthorized access from other Internet users. GPRS users will require permanent access to your LAN from the Internet, and this raises serious issues as it could potentially open up the firewall to unauthorized users.
Security of the data - including access usernames and password
Security of the LAN from unauthorized users
Areas where your machine is at risk include:
WAP Access
WAP access should not be dismissed out of hand because of the overselling of consumer WAP Internet access. New devices such as Mitsubishi's Trium Mondo display WAP data on a large screen, with a very web-like user experience.
The problem is still how to get data securely through the company firewall and into the mobile - the answer here is a new type of firewall which connects on one side to your Exchange or Notes server and on the other with WAP over the Internet. Switch on WTLS (the WAP standard encryption) on the Internet side and you will have an end-to-end secure solution to mobile Email. Have a look at Peramon for this type of solution.
Using a web-based Service Provider
Another solution is to store your emails on a web-based server which independently provides web and WAP access.
A basic solution comprises redirecting company emails to a POP (Internet) Email account - this is relatively insecure but adequate for many businesses. Users' Email addresses do not need to change and they can gain access from anywhere on the Internet using POP, Webmail or WAP. Choose an ISP carefully to maintain a quality service.