SecureWave's Security Key
The deal is the firm's latest move to extend the boundaries of mobile security. Currently, SecureWave offers customers a software package that includes clients for laptops and mobile devices. The client can detect if a user is plugging in a USB dongle or iPod and set policies regarding those devices. (See Agent Provocateurs?)
"For instance, if I want my coders to listen to their iPods, but I don’t want them downloading from my network, then I can do that," says Dennis Szerszen, VP of marketing and corporate development at SecureWave.
The use of software agents to secure laptops and other mobile devices, however, can be a contentious issue for some users -- one that appears to signal a clear distinction between corporate security policy and the type of protection offered in the educational field.
Enterprise types are very much concerned with how to prevent malicious or unwitting transfer of data via a USB key or other device in the enterprise.
"I definitely see it as a very strong need and almost a requirement to address this with a third application, since there is no way to address this natively," says Doug Hampshire, IT operations manager at Escondido, Calif.-based benefits administration firm TRI-AD. "Someone could come in with a USB key, download your data, and be in and out in two minutes."
In fact, Hampshire is so concerned about security issues concerning USB that he refuses to divulge exactly how TRI-AD is tackling the problem. "It's part of my policy I don't talk about security on the phone," he says.
Contrast this with the approach of Robert Lowe, network manager at Lawrence University in Appleton, Wisc., who says that the use or non-use of security software agents is "almost like a religious question for some people."
"Ninety percent of the devices in a university environment are unmanaged," says Lowe. "There are extra liabilities you take on when you ask people to load software unto their machines."
Lowe says that the agents are often blamed for faults in the students' laptops, and some will even ask how they can be assured that the agent isn't collecting data about their computer usage.
"There's a privacy question," Lowe says.
Universities have often been at the forefront of wireless security implementations in the past, especially concerning network access control and quarantining devices so that they can checked for viruses. (See Security Trumps Voice.)
It is clear, however, that enterprise users could have more to fear from data theft using USB keys, iPods, and new and as-yet unknown mobile and wireless devices.
As SecureWave's Szerszen notes: "Could you imagine people walking round with a memory stick in their pocket three years ago?" Say, is that a memory stick in your pocket...?
— Dan Jones, Site Editor, Unstrung