Building a Strategy
Although ultraportables pose a variety of unique security challenges, the risks can be contained and managed by extending and expanding existing laptop security practices. On the wireless front, conventional Wi-Fi security protocols and access controls should be adequate to deal with threats to enterprise data from ultraportables and other emerging wireless-enabled devices, Vitus says. "It doesn't matter what device they're using; they can't get into our network unless we want them to," he says.
When ultraportables are used off-premises as an extension of a company's technology, however, the challenge grows more serious. If storage encryption can't be used, an alternate data-protection technique should be adopted. Enderle says that critical data should never be stored inside an ultraportable. Instead, any data should be accessed from a secure remote repository to avoid the possibility of infecting enterprise systems.
Another option for protecting sensitive documents, Enderle says, is to use a secure flash drive, such as IronKey, that is itself protected and stays with the employee. That way, if the laptop is stolen, the sensitive data doesn't go with it -- the data always remains on the secured flash drive.
But the best protection of all, Enderle notes, is prevention. "Most [enterprise] data should not be on a device in this class anyway," he says.
Employee education in acceptable-usage practices is a must, regardless of the IT security systems used, Enderle says.
Leja agrees. "You have to count on continual security awareness," she says. "Make sure that [students or employees are] being conscientious, and then use the few tools that do exist to help."
The worst approach any IT manager can take is to ignore the threat ultraportables pose. "Even if you haven't yet encountered any of these machines," Wolfe says, "you probably eventually will."
Edwards is a freelance writer in Gilbert, Ariz. Contact him at jedwards@gojohnedwards.com .
Ad Choices
Comments