Key Points

• Your mobile security plan must cover not only smartphones and laptops but removable storage and any other devices that connect to your enterprise’s network.
• Data encryption, password protection, and secure VPN connections are essential tools in keeping both mobile devices and the networks they connect to secure.
• Consider dictating when and how mobile devices are allowed to connect to the network.

As functions that were once chained to the desktop become available in mobile devices, the demand for that functionality tends to become irresistible. But as IT managers know, the problem with new functions is that they’re usually accompanied by a threat to security, which employees may not understand or be willing to help combat. “It’s an age-old fight: When it comes to balancing security and convenience, convenience almost always wins,” says Mike Dunleavy, president of Diginonymous (www.diginonymous.com), a mobile security company in Seminole, Fla.

And as the ways to be mobile expand, so do the associated security threats. Mobile computing involves a variety of devices, such as smartphones, laptops, and netbooks, and the ways they can be compromised are myriad. Here’s a look at what’s going on in the mobile security space to help SMEs protect their mobile workforces.

Encryption Is Vital To Device Security

One security problem has hounded mobile devices from the beginning: intercepted conversations. Any travelling executive who has a conversation about next quarter’s revenue projection can later learn that a competitor intercepted that conversation. “It’s fairly easy to tap into a cell phone conversation, but the business world doesn’t really understand that,” Dunleavy says. For that reason, he believes that there will be more interest in voice encryption, including VoIP encryption.

Other types of messages are also at risk. Text messaging, for example, is an increasingly popular communication method, Dunleavy says, and so is instant messaging. These messages, regardless of the device used to send them, can have sensitive data either in the text of the message or attached as a file, and Dunleavy says companies are catching on that all content that goes from one device to another or to a network needs to be encrypted. “It might sound unlikely, but inside-track information in the business world is worth its weight in gold,” Dunleavy says. “It wouldn’t take a lot of effort to get access to the SMS traffic of a particular business, especially if the end result was tempting enough.”

Even video encryption is becoming an important concern in the mobile security landscape. Whether it’s on a laptop, a USB drive, or a BlackBerry, the wrong video in the wrong hands could cost a company a lot, and Dunleavy notes that encryption on all of these devices is the wave of the future. David Ferre, product manager for endpoint security at Novell (www.novell.com), agrees. “In a recent study, 53% of respondents said that they wouldn’t be able to determine what data was lost if they lost track of a USB device,” he says. “If companies don’t encrypt, that mobility that is so prized can become a threat to the health of the enterprise.”

Protecting Data Transmission In The Wild

The transmission of data from one device to another is also a problem area for security. “Guaranteed, the wireless network in a hotel business center is infected with keylogging software,” says Dunleavy, referring to the software that tracks every keystroke a user makes on a device, enabling a hacker to capture passwords and potentially other sensitive information from a laptop. “As soon as they clean it up, that software comes right back, and the average executive traveler has to be wary of those networks.”

For that reason, Novell’s Ferre says, IT policies will have to dictate the type of network connection to control and secure any data on the mobile device being used. “The end user needs access to that data, and that means allowing them to use those open networks but requiring—and enforcing—the use of an authenticated and secure VPN connection.”

Securing The Network

Laptops can be stolen, smartphones can be dropped in cabs without password protection enabled, and any device can pick up a virus or keylogging software or other malware. But deliberate breaches are a problem, too. “You have to keep in mind that a lot of breaches happen behind the firewall,” says Grant Ho, senior solutions marketing manager for endpoint management at Novell. “That might include employees who surreptitiously put data on their iPod, a smartphone, or another mobile device, or it might include someone who hasn’t secured their mobile device and brings a virus or other malware into the company.”

It’s important to make sure the data and the device itself are protected, but companies are going to have to think about how to keep the network secure so that these new threats can’t get in—and data can’t get out—even in the case of mistakes or deliberate theft. For some companies, that increasingly means establishing when and how mobile devices are allowed to connect to the network. Enterprises might want to consider security software that dictates whether flash drives and other mobile devices can connect to the network based on whether those devices have recognized serial numbers and/or whether they have antivirus software, password protection, and data encryption running. In the future, rather than being the norm, the ability to attach a USB drive to a company desktop is likely to become the exception.

by Holly Dolezalek
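
The connection rule described under "Securing The Network" can be sketched as a default-deny admission check. This is an added example, not code from the article or from any vendor it mentions; the DeviceReport fields, the evaluate function and the serial numbers are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist of recognized serial numbers (placeholders, not real devices).
RECOGNIZED_SERIALS = {"SN-EXAMPLE-0001", "SN-EXAMPLE-0002"}

# The three protections the article lists; each must be affirmatively reported.
REQUIRED_POSTURE = ("antivirus_running", "password_protected", "data_encrypted")

@dataclass
class DeviceReport:
    """What a hypothetical endpoint agent reports when a device attaches."""
    serial: Optional[str]
    antivirus_running: Optional[bool] = None   # None means "not reported"
    password_protected: Optional[bool] = None
    data_encrypted: Optional[bool] = None

def evaluate(report, require_both=True):
    """Return (allowed, reasons). A missing attribute counts as a failure."""
    reasons = []
    serial = (report.serial or "").strip().upper()  # normalize before matching
    serial_ok = serial in RECOGNIZED_SERIALS
    if not serial_ok:
        reasons.append("serial not recognized")
    posture_ok = True
    for attr in REQUIRED_POSTURE:
        value = getattr(report, attr)
        if value is not True:  # fail closed on False and on None
            posture_ok = False
            state = "not reported" if value is None else "disabled"
            reasons.append(f"{attr}: {state}")
    # The article says "and/or": require_both=False models the weaker "or" policy.
    if require_both:
        return serial_ok and posture_ok, reasons
    return serial_ok or posture_ok, reasons

# Constructed sample reports.
SAMPLE_DEVICES = {
    "managed laptop": DeviceReport("sn-example-0001", True, True, True),
    "unknown flash drive": DeviceReport("SN-UNKNOWN-9999"),
    "known phone, no encryption": DeviceReport("SN-EXAMPLE-0002", True, True, False),
}

if __name__ == "__main__":
    for name, device in SAMPLE_DEVICES.items():
        allowed, reasons = evaluate(device)
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} {reasons}")
```

Returning the reasons alongside the decision gives the help desk and the audit log the same explanation for every denied connection.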

Most Promising Technology: Remote Wipe Capabilities

Even encryption is not necessarily protection against a hacker who gets hold of a mobile device, whether by finding it or stealing it. Mobile devices are easy to lose, especially smartphones, and in the right hands, encryption can be breached. For that reason, functionality to remotely destroy a device is becoming more commonplace. Already, some phones have functionality so that, if the phone is on, its location can be pinpointed, and the user can instruct it to self-destruct so that the data is destroyed.