New technology brings with it new problems. For mobiles devices it is security. Bob Heard looks back for answers
Mobile and wireless computing has fundamentally changed the way people live and work. No longer tied to a wired network and confined to a physical location, computing is more mobile than ever, allowing on-the-go professionals to access e-mail, business applications and other critical corporate data when at a customer site, in a corridor on the way to a meeting, or running errands during lunch.
Although mobile computing promises better decision-making, shortened cycle times and increased productivity, it has created a new computing paradigm where computing devices operate independent of, but occasionally connect to, a network – exposing organizations to a whole new set of security threats and management challenges.
Is mobile and wireless computing the beginning of a work revolution? Or, is it just a new wave of computing that, over time, will mature and prove to be simply an evolution of computing?
The computing world has changed in many ways over the past quarter of a century. To better understand where we are today, let's go back to the mid-1970s. In this era information assets were isolated on a mainframe computer and kept under lock and key. Confined to a central location, the input and output of information to and from the mainframe computer could be easily managed by the data processing manager. Although mainframe computing was one of the first great steps towards business automation, it was not conducive to an organization's rapidly changing needs.
In the early 1980s, personal computers were introduced and fundamentally changed the way employees worked. Affordable and easy-to-use, PCs
allowed employees to be more efficient in their daily work activities. Soon thereafter Lan technology came on to the scene – creating private networks for sharing information among PC users. However, as the PC adoption rate grew, a new set of client/server applications and issues emerged. Now information assets were distributed randomly throughout the enterprise and the IT department could no longer adequately manage its use.
Realizing the need to create an environment where de-centralized information could be secured and managed, PCs were pre-configured as part of the network domain. Soon, hardware and software standards were developed for servers, PCs and private networks, and centralized management tools were introduced, making it easier for IT managers to control the environment.
Then, in the mid-1990s, another disruptive technology, the internet, promised a vision that would revolutionize the way people and companies work together. However, companies first required secure networks, as well as a standard interface and messaging capabilities. And, just like the client/server days, this environment was chaotic at first, but eventually stabilized as vendors introduced new tools, such as VPNs, web browsers and identity management tools. As the market matured, companies began using the internet to connect with other companies' networks, allowing them to improve collaboration.
Mobility marks the next new wave of computing. Affordable, readily available and powerful enough to run major corporate applications, mobile devices are increasingly being brought into the workplace, making them an industry staple. Industry analyst firm, IDC, estimates that by 2005, more than 275 million mobile devices will be used in Fortune 2000 companies worldwide.
No longer glorified address books, these devices have become repositories for valuable and sensitive data. IT research firm Gartner Group estimates that by the year 2005, 40 percent of corporate data will reside on hand-held devices.
Wireless devices allow for improved decision-making, accuracy and overall productivity and can provide exponential value to the enterprise. But, they create a serious security threat by opening back doors to your corporate network.
Mobile computing devices provide users with easy access to the corporate network via wired or wireless connection. Once disconnected from the Lan, however, data stored on the local device is now beyond the enterprise firewall and unprotected from unauthorized users. If the device is lost or stolen, an unauthorized user can easily obtain proprietary data from the device, or, masquerading as an authenticated user, gain access to the entire network. This dissolves the concept of the secured perimeter.
To safeguard information, organizations must implement technology safeguards on wired and wireless Lans within the traditional secured perimeter. They must also apply security controls on mobile computing platforms that operate independently of the corporate network.
For some, mobile and wireless computing and the chaos it brings, may seem like a revolutionary concept. But, just as organizations had to implement new security and management products during paradigm shifts from mainframes to client/server, PCs and the internet, the same is true of mobile and wireless computing. Over time, the market will mature, new software tools will be introduced and new standards will surface.
So, we're back to the original question. Is mobile and wireless computing a revolution or evolution? Or, does it matter?
One thing is for sure. Enterprise data must be protected if it travels over wired or wireless networks or comes to rest on networked computers or mobile devices. Organizations should take immediate action to re-evaluate their corporate security program – adding policy, process and technology that effectively extends security beyond the enterprise firewall to accommodate the mobile perimeter.
Bob Heard is the president and CEO of Credant Technologies, a mobile data protection company.
