Channels ▼
RSS

Security

A Portable Security Risk


More and more employees are bringing personal mobile devices, such as media players, flash drives, and smart phones, to work for entertainment, communications, and other purposes. Equally, many employers issue their staff with such devices to allow them to be more mobile and to run business applications as part of their job.

This explosion of personal devices with built in web connectivity, office applications, and email can improve working practices, but also comes with risks not limited to time wasting. The portability, connectivity, and storage capacity of mobile devices means they bring with them the threat of data leakage, data theft, and the introduction of viruses or other malware into workplace computing systems.

Computer scientists Sean Garrity and George Weir of the University of Strathclyde, in Glasgow, Scotland, writing in the International Journal of Electronic Security and Digital Forensics outline some of the problems associated with the enormous growth in mobile technology and explain how those concerns might be addressed.

Portable storage devices of every ilk, whether mp3 player or mobile phone, now have several ways of connecting to other devices and networks including wi-fi, Bluetooth, and USB. Many of these devices also now have several gigabytes of storage capacity and are often expandable and so have the ability to capture vast quantities of data, whether for legitimate work purposes or for illicit use.

Business organizations are rightly concerned about the loss or disclosure of intellectual property or sensitive information about customers and employees, explain Garrity and Weir. "Mission critical data must be protected in order to maintain business operations," they explain. "The public scrutiny, embarrassment, financial and judicial penalties resulting from data leaks are a major concern, and access control are among the most critical issues, they add. However, the widespread use of personal data storage devices is an ever-present risk for management to lose control over the flow of business and non-business information into and out of the enterprise."

The researchers suggest that there are several measures that an organization might take to remove undue risk. First, and perhaps most draconian is simply to ban personal storage devices from the workplace. Such an approach might be appropriate for staff employed in roles where communications and access to information are not required, but likely to be unworkable for members of a sales force, for instance. Less severe would be to limit the applications and connectivity allowed on mobile devices from a central position of control.

A more holistic approach would be to give staff security training, to ensure devices are used securely; however, this does not preclude malicious use or theft. The team points out that many of the risks associated with personal storage devices are not new. However, the speed of adoption and ubiquity in the workplace of such devices, coupled with increasing sophistication and consumer willingness to adopt advances will continue to pose threats to business security. "Vendors are seeking to develop products that assist organizations to discriminate between legitimate and illegitimate use of devices in compliance with organizational security policies," the team says. However, no complete solution to information leakage is ever likely to be possible.

Reference
"Balancing the threat of personal technology in the workplace" in International Journal of Electronic Security and Digital Forensics, 2010, 3, 73-81.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video