[ISN] Oracle users wary of putting applications on Nokia devices

From: InfoSec News (alerts@private)
Date: Mon Nov 13 2006 - 23:46:30 PST


http://www.itbusiness.ca/it/client/en/home/News.asp?id=41097&cid=2

By Briony Smith
11/13/2006

Oracle and Nokia's plan to offer access applications like Oracle Mobile 
Field Service and Siebel Wireless on E61 and E62 mobile devices is 
receiving mixed reviews from potential users.

The two companies announced the genereal availability and certification 
for the joint solutions at Oracle's OpenWorld conference in San 
Francisco last month.

Ottawa Oracle User Group vendor coordinator Glenn Cripps, who works for 
Health Canada (which doesnt allow their employees to use handheld 
devices for business purposes), said security will be a big issue. 
Someone could squeeze through the wireless connection -- theres such a 
potential for data to be sniffed out and for someone to force their way 
in.

The question on most Oracle users minds seems to be, When it comes to 
the crucial and sometimes sensitive information contained within Oracle 
applications (with everything from customer information to shipping 
records), how safe is it for sales professionals, field service 
personnel, and distribution staff to take or access that information out 
of the office?

Info-Tech Research Group senior research analyst Carmi Levy said the 
vector for attack is ever-increasing. Mobility is such an issue now. 
Before, it was tangible -- servers and PCs existed behind security and 
locked doors: they were separate from the big bad world, he said. As we 
become more mobile, with BlackBerrys, smart phones, and PDAs, that kind 
of security is no longer there. I mean, what if you lose your BlackBerry 
in the back set of a cab, and it gets into the wrong hands?

Levy suggested that access-based protections (like dual-function 
authentication) are imperative, and end-to-end encryption is necessary. 
These technical failsafes should form the foundation for rigorous 
employee training from the IT department, said Levy, who feels Nokia and 
Oracles technology is up to par. The employees need to become experts in 
mobile security, he says.

You cant just say, Go buy Nokias and well connect you, said m-trilogix 
director Craig Read (who is also the president of both the Toronto 
Wireless User Group and Toronto Oracle Users Group). Read stressed the 
importance of making sure you need mobile devices in the first place. 
You need (a company employee that can be) responsible for the project 
and make a business case for this, and who can ask, What do you need to 
do your job properly? he said.

IDCs Sean Ryan, a mobile enterprise devices research analyst, said that 
companies need to consider (the devices) interface, functionality, and 
security.

Read added that sussing out screen size, processing power, and software 
and training requirements is key. Once all this has been nailed down, 
Read added, accessing Oracle on a handheld could get rid of the paper 
and automate all the paper processes.

Mark Perry, a program coordinator at Southern Albertas Institute of 
Technology and the president of the Calgary Oracle Users Group, 
suggested installing a feature where five wrong password tries result in 
the lockdown of the device and the erasing of all its data. That could 
pave the way for greater use of the technology, he said.

Theres definitely a huge benefit. If youre a sales guy and you need to 
get real-time info to the client, you eliminate the 
'Ill-get-back-to-you.'

While Ryan said that the percentage of people who use mobile devices for 
business is extremely low and Read estimated it at six to 10 per cent of 
mobile-using professionals, both feel that handhelds are picking up 
momentum in the marketplace and that companies who have mobile 
applications have the advantage.

You gotta be mobile, regardless. While it may pose great [security] 
risks, its a greater risk to fall behind," Levy said.


_________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Nov 14 2006 - 00:10:08 PST