Security Risks in the Mobile Enterprise with MDM


Windows Mobile devices and software offer potential benefits to the enterprise. These include reduced operating costs and better productivity. However, organizations that deploy mobile enterprise solutions must make security a priority. The following illustration shows possible security threats to a company network that supports Microsoft System Center Mobile Device Manager (MDM) 2008 Service Pack 1 and Windows Mobile 6.1 devices.

  • Device loss or theft: Losing a device to mishap or theft can cause productivity and data loss, and potential liability under data-protection laws. Each year, thousands of mobile phones and networked handheld devices are lost or stolen. As sales of mobile devices increase, the negative effects of device loss and theft are sure to increase accordingly.
  • Loss of sensitive data: Some organizations consider mobile devices a security risk only if the device has a business application installed. Some organizations consider the loss of calendar and contact information a security risk. Consider the potential consequences if a competitor retrieved the e-mail information or calendar information and briefings for one of your company executives. Contact information can also cause problems if it falls into the wrong hands, as recent high-profile incidents have demonstrated. Organizations must protect the data on the mobile devices of their employees.
  • Network penetration: Because many mobile devices provide various network connectivity options, they have the potential for use in attacking protected company systems. An attacker that gains access to a mobile device may be able to impersonate a legitimate user and then gain access to the company network.
  • Unauthorized Bluetooth or Wi-Fi access: Many mobile phone users use Bluetooth accessories, such as headsets or Global Positioning System (GPS) receivers. This has the potential of leaving an opening for malicious users to use known vulnerabilities in Bluetooth to gain control of the device. Informal wireless network connections can also lead to unauthorized device access.
  • Intercepted or corrupted data: So many business transactions occur over mobile devices that there is always concern of the interception of important data. The interception can occur through the Internet, by way of tapped telephone lines or intercepted radio transmissions.
  • Malicious software: Viruses, Trojan horses, and worms are familiar threats to traditional workstations and portable computers. There is a growing consensus among security experts that mobile devices will be targeted. Even malicious software that is not designed to deliberately inflict damage may have unintended consequences, such as data disclosure or corruption.
  • Unsupported or unsigned applications: Older, unsupported applications may still work, but are dangerous because they may be vulnerable to attack. Unsigned application installations on a device may jeopardize the security of that device.