The rapid rise of mobile computing devices, especially smart-phones and tablet computers, has posed new security challenges to organisations' database systems.
To begin with, there is currently zero security on most mobile devices used with public wi-fi networks or the Internet, so the threats are apparent, according to Michael Sentonas, the chief technology officer of McAfee Inc for the Asia Pacific region.
As an expert on this issue, Sentonas says the convergence of work and personal lifestyle has meant that more and more personal devices such as iPhones and iPads are used for both work and personal purposes.
This compromises the security of an organisation's network. A personal iPhone, for instance, can now be used to access a company's e-mail system from anywhere via the public Internet and wi-fi network.
As a result, a growing number of companies have taken steps to safeguard their databases, especially over the past six months, as sales of these mobile computing devices have risen sharply.
Sentonas suggests that enterprises should start with legal requirements for employees to use passwords and only encrypted devices to access the companies' IT infrastructure.
According to Sentonas, some enterprises may not allow the use of iPhone versions earlier than the 3GS to access their network because there is no encryption on those older models.
In the event of device losses, the security of data on those devices that are not encrypted will be threatened.
Generally speaking, Apple's closed iOS system is relatively safer than other smart-phones, which use the open-source Android software.
However, iPhones that have been "jail-broken" are not safe either, so these devices should not be allowed to access the network, as security will also be compromised.
The same threat is also growing rapidly among tablet computers such as iPads and the likes, whose sales have already out-grown those of traditional PCs, notebooks and net-books.
Given that many of these tablet computers are now used both at home and in the office, it's necessary for enterprises to take precautionary steps to safeguard their databases.
Besides the password and encryption requirements, other measures may include the use of VPN (virtual private network) for employees' Web surfing, which is more secure than using the public Internet.
In addition, employees may also be asked to turn their "Bluetooth" and camera features off while in the office. These stricter requirements are now applied at some high-security government offices and the police.
On the widespread use of social media, the latest threat prediction report from US-based McAfee states that there were some significant changes in how both malicious code and malicious links were distributed in 2010.
"The past year ended with some of the lowest global e-mail spam levels in years, as more and more users moved from "slower" legacy communications such as e-mails in favour of more immediate methods such as instant messaging and Twitter.
"This shift will completely alter the threat landscape in 2011. As both consumer and business users continue to flock to social media and networking sites for immediate communications and data sharing, we expect to see increasingly more targeted abuses of personal identity and data.
"In the end, social media connections will replace e-mails as the primary channel for distributing malicious code and links.
"The massive amount of personal information online coupled with the lack of user knowledge of how to secure this data will make it far easier for cyber-criminals to engage in identity theft and user profiling than ever before.
"Spear phishing or targeted phishing attacks will move to Twitter and like technologies because choosing users and groups to exploit through these channels is simple."
So all Twitter users beware of the new threats.
Posts
0 comments:
Post a Comment