Educause Security Discussion mailing list archives
Your thougts about smart phone access to privileged accounts?
From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 2 May 2006 09:25:18 -0400
What are your thoughts regarding the use of smart phones to access elevated privilege accounts by administrators and other privileged users over a wireless VPN? We're getting requests for such use. Although known incidents with such devices are rare, the technology is new and changing rapidly and I'm not sure that we know enough about the technology, attack points, and how people will use them ( e.g. application downloads, local storage of sensitive data like passwords, etc. ) to perform any kind of accurate, formal risk assessment. Ergo, I lean toward the conservative and would tend to view use of such technology for access to accounts having global access to organizational data premature without a *strong* demonstrated benefit of doing so. Customer service is the benefit being used to justify the access. On the other hand, can they be any worse than using a Windows PC? :) -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Your thougts about smart phone access to privileged accounts? Gary Flynn (May 02)
- <Possible follow-ups>
- Re: Your thougts about smart phone access to privileged accounts? Steve Lovaas (May 02)
- Re: Your thougts about smart phone access to privileged accounts? Dugan, Darin D [EIT] (May 02)
- Re: Your thougts about smart phone access to privileged accounts? Chris Green (May 03)