To send orders to the far reaches of the empire, Roman generals used variations of a cryptographic system known as the Caesar cipher. Each letter of the alphabet would be shifted by a fixed number of places, so that for example, an “A” would become a “C,” a “B” would become a “D,” and so on. This is not exactly a secure system by modern standards. Most third graders regularly crack this kind of code to uncover secrets passed around in class. Yet in its time, the Caesar cipher was safe enough for many Roman officers to trust it with their lives.
Today’s road warriors require much more sophistication. Hackers are a good bit smarter than they were in the times of the Roman empire. Nowadays we have to secure computers and networks. For the mobile enterprise this means ensuring one or more of the following:
- Legitimate use: that only those people we want using the system can use it. Virtual private network (VPN) software provides authentication. Access control methods ensure each user can get only the data he or she is allowed to see.
- Confidentiality: that we have control over who is able to read information. This is most often achieved through encryption over the air as part of a VPN, through encryption on the device, or through device wipe
- Service availability: that nobody can bring the system down or otherwise hamper the level of service. This usually amounts to protection against viruses.
A general principle of securing computers and networks says you should aim to provide just the right amount of protection for your needs. If you go overboard, you’ll end up frustrating your users and they’ll probably find a workaround, thereby leaving systems vulnerable. For example, if you give users passwords that are difficult to remember, they’ll wind up writing them down, and that might be somewhere conspicuous.
Against this backdrop, let’s see what today’s mobile enterprise needs to consider when evaluating security solutions:
To read the rest of this article, including how to protect your interests if a mobile device with sensitive information is lost or stolen, head over to Mobile Enterprise.