|TechTransform, November 11, 2002: Starting to use wireless to do business? What you don't know can seriously hurt you. Here's a must-read checklist from ZDNet Tech Update, and additional reading from Air Defense.
1. Protect against unauthorized users
The cornerstone of any security strategy, mobile or not, is user authentication. Any device attempting to exchange information with your corporate systems needs to have its identity verified. Each time the user goes deeper into a new area of sensitivity or functionality, your application and middleware infrastructure should know who they are, and whether they should be there.
2. Protect data transmissions
You might not be paranoid, but they are out to get you. Mobile applications require an exchange of information across a public network that is full of potential predators. When transmitting data, you need to ensure that it is secure from end-to-end. Any mobile middleware solution should operate on a secure connection for both data synchronization and client/server communications. Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols allow a client application to verify the identity of a server, and ensure that they communicate only with servers they trust.
3. Protect data on lost devices
Mobile devices are small and expensive, so they are easily lost or left in taxis, and are a favorite target for thieves. If you don't want the new owner to have access to your corporate systems or view sensitive data, precautions must be taken.
4. Protect mobile assets
Safeguard your mobile assets such as your machines, devices and data through centralized management. From a central location, you can simplify the enforcement of your security policy on devices that are beyond the reach of traditional wired LAN management techniques.
5. Protect your existing security investment
Whether you are creating new mobile applications or extending the reach of existing systems, your mobile deployment should be as secure as applications running on your corporate LAN. Integrate your mobile applications with existing security infrastructures through open standards and flexible architecture.
In closing, Dave emphasizes:
Regardless of protocol: Your wireless application server technology should enable secure synchronization, encryption, and server-side authentication over whichever wireless protocol you choose.