Risk assessing mobile devices

Securing mobile devices.

by Scott Reeder 

As I travel throughout the country visiting education institutions I am seeing an increasing mix of mobile computing devices enter the classroom.  Most notably the main staples of mobile learning and teaching devices are notebooks and netbooks.

Along with this upward trend in mobility in the classroom comes the increased security threats to these new devices.   The increased areas for security threats fall into two buckets; asset theft and data protection.   Let’s look at each in a little more detail.

Asset Theft;  Device theft tends to increase with the introduction of mobile devices into the classroom just by the physical nature of the platform.  Devices that roam around inside the walls (and sometimes outside as well) of a school are a much easier target for both the casual and expert thief looking to score.   Physically securing the devices via chains, cables and locks becomes much more difficult, and often defeats the mobile nature of these new devices.  Physically tracking the devices becomes a challenge as they are no longer assigned or associated to a physical location like desktops and workstations of the past.

Data protection;  Now that devices have the ability to travel around, what is stored on that system has the potential to become a security and liability issue in the event that PC is lost or stolen.   Confidential data, lesson information, personal data, student ID’s, and contact records are just a few examples of data that can land on mobile devices both inadvertently and with purpose.  Teaching and administration platforms are most often at a higher risk due to the confidential data, but I have also experienced learning devices with varying levels of data at risk on the hard drive.

Now that we have identified that mobility can bring some increased security concerns, what can be done to address it?   First and the most important part is to analyze, analyze and did I mention analyze the environment!    I cannot emphasize enough that a thorough overview of the environment must take place without any pre-existing assumptions or misconceptions of what is secured.  Something as simple as a spreadsheet with student names and telephone numbers saved onto a hard drive can be more than enough cause for alarm if a PC shows up missing.    A complete security assessment of all devices (not just mobile) will paint a clear picture of where the biggest and highest risks reside.

Once a good understanding of the PC platform security and risk assessment is understood a formal plan can be developed to prevent or reduce asset and information loss.

In today’s computing world there are very solid and complete solutions available to mitigate the risks associated with mobile computing.   The best of these solutions combine a mix of hardware and software features to build a rock solid tamper free solution for devices identified at risk.

One such solution is offered by Intel and Absolute.   In many of the mobile solutions available from Intel, there is a hardware feature known as Anti Theft (AT) and when combined with a software package like Computrace you get a new level of device security.  By combining these two solutions together, you now have increased device security outside of the operating system at the hardware level.  Not only does this increase the ability to stop and deter theft, it also starts to open up new use case scenarios for education.

A brief example of a new use case scenario we are seeing in K-12 is a model we are calling “brick to ship”.   In this use case, IT staff set’s up and configures a working mobile device.  With the use of Computrace and the Intel AT feature, IT staff “bricks” the device after integration.  This renders the device disabled at the hardware level.   It can only be reactivated with a custom key to unlock it, there is no way around a bricked system!   The IT staff can now safely ship this device to a school or student knowing that it will be securely delivered to its destination.  Once the device is powered on, a customizable hardware screen will display pointing the user how to contact IT staff to activate the new device.  Again pointing out that device is useless until unlocked, even if the hard drive is removed.

This is just one of many use cases for AT, with many more being developed as educators understand the benefits of security software combined with hardware features.

In my next blog, I will post some more use cases for this unique technology, but for now I would like to hear some of the security issues and concerns that are occurring as mobility increases inside our schools.