Companies increasingly deliver their content and services via the Internet to a variety of new devices, such as personal digital assistants, television sets, gaming consoles, MP3 players and smart phones, creating a situation that makes it more difficult for IT departments to protect internal systems from attacks and prevent data theft, a Gartner Inc. analyst said this week.
"It's a frightening world for security specialists," said analyst Rich Mogull at the company's Symposium/ITxpo here. "For years we had a lot of control over our systems. Not anymore."
Many of these devices are inherently insecure, lacking solid and proven security technology. To compound the situation, IT departments often find themselves pressured by users to support these devices. The hurried adoption of these devices and the creation of new mechanisms to deliver data to them water down the protection of internal systems, Mogull said.
Users' demands for access to their content and services across all these devices promote a confusing set of standards, platforms and delivery mechanisms, according to Mogull.
Moreover, many of these new devices have short lives, because they are quickly replaced by more advanced models, so security measures adopted by IT departments to deal with these devices rapidly become obsolete, he added. And a "killer" device that provides a wide variety of functions will not appear until at least 2005. Thus in the meantime, users will continue to connect to the Internet and to internal systems with a variety of devices, Mogull said.
So-called "fixed devices," such as gaming consoles and digital satellites, have proven prone to hacking, which can lead to stolen services and intellectual property. Mobile devices are even more vulnerable, because not only can they be physically lost or stolen, but their transmissions can be easily intercepted, a breach that could enable data theft and virus infections.
"Multiple access devices, convergent solutions and new delivery mechanisms create a more complex environment and increase possible points of vulnerability," he said.
The best way to deal with the problem of granting multiple insecure devices access to internal systems is to deliver data and services to these devices via a browser in a typical thin-client architecture. The browser will continue to be the most popular, most tested and safest interface for these purposes, as opposed to these devices' proprietary interfaces. In fact, until at least 2005, the browser will be a supported user interface in 80 percent of new access devices that connect to the Web, according to Gartner estimates.