iPods can be tools of espionage
With gigabyte data capacities, they are the potential weak links in small-to-medium enterprises (SME) and corporate networks that are otherwise secured at significant effort and expense.
Oscar Moren, Australian managing director of Pointsec Mobile Technologies, which specialises in encryption for all the main PC and mobile platforms and storage media, says Australian companies are only starting to understand how dangerous removable media can be.
"Mobile devices so powerful they commonly have 2GB of storage and are a security risk because they can store so much sensitive information," he says.
It is inevitable that legislation such as Sarbanes-Oxley and Australia's Privacy Act could apply to information lost by use of these devices.
A significant problem is the ownership of the devices, usually worker's private property, but that may have to change, Moren says.
"If you are going to allow your staff to access the network it has to be through a device owned by the company," he says.
"To be able to roll-out these devices on a large scale and have them under control you should standardise on a few different devices and you should hand them out to ensure you have control and can provide support."
As if to drive home the point, Pointsec earlier this year bought hard drives and computers from eBay Australia with supposedly erased hard disks.
But "we could read information on 12 out of 14 devices including information from one really large financial organisation with the current door access codes, security pass lists and employee details," Moren says.
Asked why Australian businesses sought mobile security from his firm, Moren says some were reacting to an event, others were taking preventive measures.
"When our business case is accepted really fast, we know there's been an incident, but corporates don't talk about it," he says.
Pointsec secures laptops, PDAs and smartphones "within Australian government agencies" and he expects approval to supply Defence Signals Directorate this June.
Pointsec recently encrypted 11,000 PDAs for the US Army.
Taking a slightly different approach to laptop security, IBM recently released laptops with biometric fingerprint access, data encryption and embedded traceability tools.
Greg Hunt, IBM's local ThinkPad brand manager, says IBM used Absolute Software's Computrace in the BIOS firmware, with a $1000 recovery guarantee.
A thief who goes online with the stolen laptop can be traced, even if they have tried to cover their tracks by replacing the hard disk.
The missing data on IBM's new laptops would be secured by a 2048-bit cryptographic chip on the motherboard.
"The threat is increasing so customers want to talk about securing mobile devices," he says.
While companies may set policies on encrypting information, removable media makes it easy to move data.
Some CIOs reacted by limiting hardware, banning removable media devices and eliminating DVD/CD burners, Hunts says.
IBM's other deterrent to mobile theft is a fingerprint scanner that identifies authorised users at login and at websites, Hunt says.
It can save on support costs, as 30 per cent of helpdesk calls are requests to reset forgotten passwords, he says.
Omron of Japan is taking mobile security a step further.
Its OKAO Vision Face Recognition Sensor for camera equipped mobile devices takes one second to recognise the owner and unlock, so personal information including address books, schedules and payment information are secured if the phone is lost.
The technology can be used on mobile equipment with a built-in camera, Omrom says.
Intelligence Search is the web's only search engine to exclusively index
Owned and Operated by InfoBureau.net Co.