Why go mobile?

By on
Page 4 of 4  |  Single page
Just like being there
So how does a mobile user communicate with the office securely? Email is the most common method, but sometimes users need direct access to office services. A database query to check product stock levels, for example, cannot be easily or quickly performed via email. In this instance, you could email somebody at work and ask them to make the query, but a better way is to hook into the corporate network and access it yourself.

The most secure method of connecting to office networks from the road is the virtual private network (VPN). A virtual private network is a secure ‘tunnel’ for data from the mobile user to the business’s head office. For the mobile user, it’s as if their notebook or handheld were connected to the local area network, capable of accessing all the servers and data they can when they’re at the office. Data transfers to and from the user are encrypted and therefore secure.

To get a VPN up and running, software agents usually need to be installed on the mobile devices used to access the VPN -- although we’re seeing increased use of the common browser as the software agent in SSL VPNs (more on that in a moment). These software agents talk to a hardware VPN router at the head office, which manages the VPN tunnels.

VPN technology has been standardised, which means that software agents from one vendor should talk to a hardware VPN router from a different vendor as long as they’re using the same encryption protocols.

The best, most secure protocol right now is IPSec, which uses practically uncrackable encryption on data transferred to and from the mobile device. Some newer systems are using secure sockets layer (SSL) encryption – the same encryption used in online shopping – allowing users to get VPN access through a common Web browser, sparing the need for a software client.

It sounds complicated, but VPNs are rather easier and cheaper to set up than you’d expect. You can get a low-end VPN-capable Internet router/modem for less than $1000, and once you get it up and running, you’ll wonder how you managed without one.

Top 5
Mobile Security Threats

5. Unsecured wireless networks and VPNs. The same mechanisms you use to let your mobile users access your network can also be exploited by hackers. Make sure you’ve implemented proper encryption on your communications with mobile users.

4. Mobile device hacks and cracks. When on the road, the mobile user is beyond the protection of the corporate firewall and thus more vulnerable to remote hacks. Make sure the device has a properly configured firewall (they’re even available for handhelds and smart phones now).

3. Unsecured data. Users tend to use all sorts of mechanisms to replicate corporate information on their mobile device. They email themselves files, copy data to USB keys and upload to third party Web sites. This results in a great deal of uncontrolled and unsecured corporate data out there (not to mention the versioning problems this creates).

2. Viruses and spyware. Sending devices out into the wild, beyond the protection of the corporate firewall has an element of risk. Notebooks can become infected and bring back nasties into the corporate LAN. Make sure every device has appropriate prophylactics, keep mobile devices quarantined from the rest of the network and enforce user policies on company owned notebooks (no USB keys, for example.) Even non-Windows handhelds are now at risk, with viruses for Symbian OS and Windows CE already appearing, and more expected to follow.

1. Lost or stolen devices (and their data). It’s a problem best solved by limiting the amount of corporate data users store on their mobile devices as well as implementing technology like drive encryption to prevent unauthorised access to confidential data.

Business Startup Guide continues: IT Security
Previous Page
1 2 3 4 Single page

Most Read Articles


What would you like to see more of on BiT?
How To's
Photo Galleries
View poll archive

Log In

  |  Forgot your password?