Sybase Mobile Evangelist

Ian Thain

Subscribe to Ian Thain: eMailAlertsEmail Alerts
Get Ian Thain: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: iPhone Developer, iPhone for Business, iPhone Developer Summit, Mobile Enterprise Application Platforms, iPhone Apps on Ulitzer

iPhone Apps: Article

The Exception to the Rule Is Your Greatest Risk

Security policies are there of a reason

Here's a common scenario and one that will become more common with the ever increasing penetration of Tablet Devices in the Enterprise... Your Senior Exec just got their iPad. They love it. They use it everywhereLiterally everywhere! That’s a scary word for anyone involved in securing Corporate Data, yet enabling access to sensitive corporate data on a tablet can be a risky proposition. There are three reasons why...

  1. Executives are often early adopters of new mobile technology like the latest smartphones and tablets, even when company policy around their use is not fully formulated. This opens the door for security rules exceptions to accommodate these users. (But that’s OK, because the Execs are the most trusted people in the company, right?)
  2. Executives need accesses to more sensitive data.
  3. Most Executives travel a lot. And travelers are far more likely to be targeted by identity thieves, purposeful hackers, and sophisticated professional data harvesters than the more stationary among us. Not to mention the ease with which mobile devices seem to get lost or stolen in airports. A recent article in Executive Security Today points out that in 2011, travelers lost 11,000 mobile devices in the busiest US airports.

As Senior Executives enthusiastically embrace the latest mobile devices and applications, there is a “perfect storm” brewing when it comes to enterprise security. Identity theft, intellectual property theft, and industrial espionage are growth industries. Stealing data from mobile devices is no longer strictly a crime of opportunity, but rather it is evolving into an industry that systematically seeks and exploits high value targets. Although lost and stolen devices get most of the headlines, two of the greatest threats for business travelers come from the use of unsecured wireless networks in public places, and through Bluetooth connections.

Accessing wireless connections through unsecured wireless networks makes it easy for data thieves to engage in a “man in the middle” attack in which they surreptitiously capture entire unencrypted packet streams. The Bluetooth threat comes from unintended Bluetooth pairing, where a smartphone, laptop, or tablet allows an anonymous device to establish a connection without the case-by-case acceptance of the device’s owner. Both of these things can happen so stealthy and so quickly that a typical user would never notice the symptoms or even suspect that there was anything amiss.

So how should you protect your executives against these kinds of attacks? Follow these rules

  • Implement end-to-end data encryption;
  • Implement rigorous tokenized user authentication that prevents anyone without proper credentials from accessing the device.
  • Enforce these and all other mobile security policies for all devices, and all users. No exceptions!

An Enterprise grade Device and Security Management platform, such as Afaria, simplifies the task of configuring new mobile devices for safe business mobility, even for those enthusiastic Execs.

Please follow me on Twitter @ithain

More Stories By Ian Thain

As one of the Sybase Technical Evangelists, Ian regularly addresses technical audiences all over the world and his sessions are always very well attended. He also writes education classes, whitepapers, demos and articles for various Sybase products and publishes regularly in Journals such as SYS-CON's PBDJ and International Developer Magazine. He is also the Sybase Unwired Platform & PocketBuilder Evangelist and works closely with the team in Dublin, CA and Concord, MA on new features and demonstrations for the products. In his customer-facing Evangelist role, Ian is very involved with the design, production and testing of Enterprise class Unwired Solutions, that have been implemented using Sybase's Unwired tools for Sybase customers around the globe. In addition, Ian is a dedicated technical expert continually working with Sybase's key partners and clients to enhance the capabilities of the Unwired solutions that Sybase can offer to its customers. Ian can also be found on Twitter @ithain