Securing the funds for mobile security

The benefits of mobilising staff can be compelling in terms of increased productivity, particularly for sales and customer facing staff who can use the technology to free themselves from their desks to spend more time with customers.

However, the harsh realities that come with the current economic climate mean that it has never been harder for IT and security managers to secure the extra budget they need to pay for increased mobile security investment.

According to industry analyst company IDC, security remains a top priority, but management concerns over the value of IT investment or executing on investment plans was cited as the biggest barrier to investment in security infrastructure.

Some 30 per cent of respondents to a recent survey indicated that cost and difficulties in understanding technology were the next most common barriers.

IDC's April 2003 survey of 1,000 business users across six countries in western Europe showed that, while there continues to be a great deal of interest in wireless solutions, security is a critical issue hindering the adoption of mobile devices by companies.

"Mobile computing and wireless remain of importance to IT decision makers, but security concerns present a barrier to translating evaluation into procurement, particularly with regard to mobile devices and wireless local area network [Lan] deployments," commented Andrew Brown, research manager for mobile computing at IDC's European Systems Group.

Chris Ingle, group consultant at IDC's Systems Group, added: "IT professionals are telling us that they need help from IT vendors in showing the value of technology.

"While corporate spending is still there - most organisations surveyed were holding their spending at 2002 levels or increasing spending on IT - it is the justification of that spending which is crucial and which can be lacking."

These finding were echoed by industry experts at Gartner. "The inhibiting effects of the economic downturn, and buyers' remorse over previous grand security initiatives, are in balance with a defensive stance driven by modern political realities as well as demands for privacy," explained Victor Wheatman, vice president and research area director at Gartner.

"The result is that enterprises tend to implement products and services that are 'good enough', while navigating through minefields of over-promoted products, or products so advanced that the need is not readily apparent."

Gartner's research indicates that wireless Lan security is one of the biggest concerns to corporates as insecure deployments represent a serious point of potential failure for enterprise networks.

The analyst warned of the dangers of wireless hacking and theft of service from a growing movement of crackers which aims to find and mark free wireless internet access locations.

Gartner advised caution for companies considering rolling out wireless network access, pointing out that firms should thoroughly evaluate the business benefits of such a project and the associated additional security measures required to protect mission critical networks.

"Investing in an over-hyped technology too early can result in a complete waste of enterprises' security funds. Enterprises should focus on their assessment of business needs and threats to prioritise security needs," said Wheatman.

Industry experts advise IT managers attempting to persuade board directors of the need for increased security investment to focus on the business case, rather than the technology.

"It almost doesn't matter what the extra technology is or what the extra technology does," said Alan Lawson, research analyst at Butler Group.

"An IT manager or network manager must be able to demonstrate a very compelling business case for what wireless access can do to increase profits and/or productivity for the company, otherwise the technology should not be there. Security is not a matter of technology, but of policy."

Lawson added that, in its simplest terms the main business issue associated with securing wireless access infrastructures could be boiled down to integration.

"You could look at it in terms of an administrator somewhere who's a bit like a guy in a circus spinning a load of plates on the end of ropes," he explained.

"When you add mobile access another set of plates are added to the equation and the job becomes much harder. The infrastructure becomes that much more complex and it's already too complex to begin with."

This view was endorsed by Clive Longbottom, strategy analyst at research company Quocirca, who argued that security budgets can be justified by quantifying the financial loss that a company will suffer if any given system or systems are taken out by hackers, virus infections or other security problems.

"It comes down to showing a return on your security investment," he concluded. "At the end of the day firms are not interested in the technology on its own; they need to have security products which meet their business needs."