11/11/2008
Windows Mobile devices and software offer potential benefits to the enterprise. These include reduced operating costs and better productivity. However, organizations that deploy mobile enterprise solutions must make security a priority. The following illustration shows possible security threats to a company network that supports Microsoft System Center Mobile Device Manager (MDM) 2008 and Windows Mobile 6.1 devices.
- Device loss or theft: Losing a device to mishap or theft can cause productivity and data loss, and potential liability under data-protection laws. Each year, thousands of mobile phones and networked handheld devices are lost or stolen. As sales of mobile devices increase, the negative effects of device loss and theft are sure to increase accordingly.
- Loss of sensitive data: Some organizations consider mobile devices a security risk only if the device has a business application installed. Some organizations consider the loss of calendar and contact information a security risk. Consider the potential consequences if a competitor retrieved the e-mail information or calendar information and briefings for one of your company executives. Contact information can also cause problems if it falls into the wrong hands, as recent high-profile incidents have demonstrated. Organizations must protect the data on the mobile devices of their employees.
- Network penetration: Because many mobile devices provide various network connectivity options, they have the potential for use in attacking protected company systems. An attacker who gains access to a mobile device may be able to impersonate a legitimate user and then gain access to the company network.
- Unauthorized Bluetooth or Wi-Fi access: Many mobile phone users use Bluetooth accessories, such as headsets or Global Positioning System (GPS) receivers. This can leave an opening for malicious users to use known vulnerabilities in Bluetooth to gain control of the device. Informal wireless network connections can also lead to unauthorized device access.
- Intercepted or corrupted data: So many business transactions occur over mobile devices that there is always concern about the interception of important data. The interception can occur through the Internet, by way of tapped telephone lines or intercepted radio transmissions.
- Malicious software: Viruses, Trojan horses, and worms are familiar threats to traditional workstations and portable computers. There is a growing consensus among security experts that mobile devices will be targeted. Even malicious software that is not designed to deliberately inflict damage may have unintended consequences, such as data disclosure or corruption.
- Unsupported or unsigned applications: Older, unsupported applications may still work, but are dangerous because they may be vulnerable to attack. Unsigned application installations on a device may jeopardize the security of that device.