Previous Table of Contents Next


Because the transmission takes place within the confines of the company’s buildings, the security requirements may be fewer. However, depending on the organization’s type of business and the need for confidentiality, consideration might be required to neutralize the motivated eavesdroppers who may be within the company or stationed outside the facility.

Other technologies use radio frequencies to forward messages to a central station, which in turn (when requested) sends the message to the recipient. This method is known as store and forward, and it is not normally used for interactive messaging. The best answer to ensure confidentiality in all wireless applications is encryption.

The World Wide Web. The World Wide Web (known as the Web or WWW) provides an infrastructure for accessing information. The Web provides a simple means of attaining almost any type of information that is available on a Web server that is attached to the Internet. All information on the Web is stored in pages, using a standardized hypertext language. Many companies use the Web to provide timely information to their customers. They typically provide information about products, upgrades and patches, and feedback areas. The Web is considered a companion to E-mail because it provides information by using an interface. However, the Web is designed to accommodate limited two- way communication.

Exhibit 3. Breakdown of Mobile Work Force

26% Sales
23% Field Services
18% Administrative
15% Field Engineering
10% Senior Management
8% Other

1997 Projections by The Yankee Group

Security considerations must be the same as with all other Internet connections. The Web server should be placed outside of the firewall. If confidential information is placed on the Web, then encryption should be used. In general, the Web architecture does not provide for the integrity and confidentiality of information. Access to the infrastructure should not be allowed through the Web server.

SUMMARY

Security procedures, guidelines, and practices accepted by end users must enable them to do their jobs. If end users interpret security to be a roadblock, they will often find ways to circumvent security requirements. To ensure that this does not happen, the security practitioner should spend time learning the problems and security concerns of users. The practitioner should consider scheduling one day per month to stay at home and telecommute in addition to dialing in while on business trips. This practice enhances understanding of the remote access conditions, and assists the security practitioner in developing more effective security practices. Exhibit 3, published by the Yankee Group, provides a breakdown of the professions that make up the mobile community.

Information today is stored not only in the data center but also on desktops, notebooks, and home computers; it is stored wherever mobile users have taken the data. By understanding the implications of this fact of business life, practices can be better established to secure assets while supporting employees’ requirements to perform optimally and competitively through having access to the most current information and computing power.


Previous Table of Contents Next

Copyright © CRC Press LLC