Not so smart

In his second blog posting for CRN, Fortinet's Paul Judd warns over the UK's growing bring-your-own-device culture

A few years ago, smartphones were reserved for enterprise senior management to help them manage their daily tasks and be more easily reachable. Today, they have become a widespread communications tool for many employees, who use their smartphone as a mobile extension of their computers. This trend is exacerbated by the appetite of individual employees to dictate their choice of business device, by virtue of going out and buying it themselves. However, as the security of mobile phones and their related infrastructure is not yet fully mature, they may unfortunately open up companies' networks to many threats.

For instance, VPN solutions for mobile devices are not yet widespread. The main issue preventing their adoption is that VPNs require computing power that smartphones seldom have today. Tasks such as encryption or decryption on the fly heavily burden them, making remote access difficult for the end user. Facing those technical limitations, system administrators are often left choosing between compromising the security of their networks to allow access to mobile phone users, and limiting their access or directing them to another, less sensitive network.

Most employees feel relieved when they lock their mobile phone (with a password or a secret gesture on the touch screen), thinking it to be secure. The reality is different: German researchers at the Fraunhofer Institute recently unlocked all the secrets of an iPhone in less than six minutes, using standard equipment.

Some employees try to harden the security of their phone (as it is often 'their' phone) by using special anti-theft software or by encrypting the memory card. However, those solutions aim at making data better protected against physical attacks. Those attacks are largely perpetrated by pickpockets, who are less interested in the mobile phone content than in the possibility of reusing or reselling the device. Cybercriminals, meanwhile, do care about the sensitive information stored on smartphones, but they do not need physical access to the phone to retrieve it.

If end-users bring their own device to work, they care a lot more about its security, but how much do they care about data on the corporate network?

Paul Judd is regional director for UK, Ireland and South Africa at Fortinet.

Read his thoughts all this week on Views from the Channel.