In 1990, if you walked in the door of any large organization you would see row upon row of desktop computers and precious few laptops. The server rooms and farms took up warehouses, and protecting data was as easy as controlling who was physically able to access a hard drive, CD or floppy.
These days, we all know the landscape has changed. Cloud security is critical, especially when the majority of employees are now carrying laptops and working off shared databases. But what many enterprise IT professionals aren’t aware of is the role mobile devices are playing in accessing these data stores.
In fact, mobile is so prevalent these days that there needs to be an increased understanding of how to lock down and protect cloud-based data without crippling an organization, especially one whose workforce might be trying to remain productive with devices as simple as a smartphone or tablet. So, what should IT pros know? I posed that question to Dipto Chakravarty, who took me through a few of the vulnerabilities of these powerful, tiny computers.
Dipto said it’s fairly easy to keep your laptop locked down with a good password and good biometric or physical security. Just have a fingerprint scanner, strong authentication, random passwords and eye scanners. But the access to data isn’t solely at the hardware level. With more teams collaborating, there has to be a safe browsing environment; otherwise it doesn’t matter how secure your laptop is. Black- and grey-hat individuals and organizations can gain access through a different door. Essentially, the best way to protect your applications and collaboration is through application isolation. This keeps your work sandboxed from worms, trojans, spyware and malware, even as it allows team members to remain productive.
But that raises the question of whether it’s possible to create applications and browsers that are easily protected. Dipto pointed out that patching and updating software is quite difficult because you can’t protect against everything. And once there’s one back door into a program or environment, you’re cooked. Protecting your platform or browser or applications also comes with a time challenge. As soon as a vulnerability has been identified, the IT team is already losing to the clock.
The solution in many cases is to implement a strict use of SSL, to educate users about phishing and to ensure that applications are constantly updated. Sadly, he pointed out, there are lots of devices running different hardware drivers - and these are susceptible as well.
But Dipto’s outlook on mobile security isn’t all doom and gloom. He gave examples of devices that are increasingly buttoned down, making them more attractive to an overworked IT staff. He also says that each mobile OS has tackled the challenge in a slightly different way. From Android with its securable IP to the iPhone with a surprisingly secure OS to Windows Mobile, oftentimes the also-ran in terms of security, these smartphones are coming along nicely. Even the BlackBerry has good security for the enterprise server, and it offers simulators and mature debuggers that make writing an app painless.
So what gaps are going to be next when hackers look to compromise cloud security and capture data from mobile devices? Dipto sees Bluetooth as one stack that needs to be secured. It’s an easy place for people to start - snooping Bluetooth will be the next frontier.
He also sees geolocation as a feature and a curse as it gives criminals information with which they can attack you. Essentially, said Dipto, this is a race where mobile application development is speeding up and people now understand the vulnerability aspects of mobile. It can speed you up or it can totally cripple you. Luckily, there are new tools daily that help IT pros protect data, protect their mobile workforce and protect their enterprise in the cloud.
Mar 10 2011, 05:26 PM
Filed under: cloud security, iPhone, Android, Grey-hat, Blackberry, Bluetooth, Windows Mobile, Mobile Devices, Black-hat, JeffCutler, Security Web