Even phishers watch daytime TV

February 07, 2012

Thankfully I am rarely ill and, because of that, don't often get the chance to 'enjoy' daytime TV.

In previous lives, I have had a chance to enjoy the likes of Countdown and Deal or No Deal, but these have been undone by the low-standard programming pumped out by terrestrial channels and adverts for no-win, no-fee legal services.

Among these productions is Heir Hunters, not a Discovery channel special on Nazi hunters, but a BBC programme "following the work of probate detectives looking for distant relatives of people who have died without making a will".

Now proof has emerged that the elderly, unemployed and undergraduates are not the only ones watching such shows, as phishing emails claiming to be messages from the producers have been detected.

The scammer says they came across the recipient "while searching through [a] genealogy database" and asks them to respond with their contact details to ensure that it corresponds with the information "we have [in] our database in order to enable us to carry out necessary verification processes and to get your claim across to you without any delay".

According to Sophos, the emails even include a link to an online episode of the TV show via the BBC's iPlayer in an attempt to make the message seem more legitimate. This has led to the BBC putting a message on its website which says "beware of emails claiming to be from Heir Hunters".

It warns: “We have been informed that someone has been sending out emails purporting to come from the Heir Hunters programme and referring to this website. Please be aware that these emails have no connection with the BBC or Flame Television, the makers of Heir Hunters, and you should ignore them.

“You should not reply to them and if you believe that persons are attempting to deceive you with a view to monetary gain, then you should contact the police.”

Sophos's senior technology consultant, Graham Cluley, says the BBC's advice is sensible. “If you believe you could be the beneficiary of the assets of a deceased person who didn't make a will, or died with no known heirs, then you could do a lot worse than visit the Government's Bona Vacantia website,” he advises.

If you think about this, it is a mean but clever tactic. The spammer is hitting potentially vulnerable targets who are likely to respond to the opportunity, as they are familiar with the brand and are unlikely to question a tactic as niche as this.

That said, being aware of spelling mistakes and the validity of the sender is no bad thing, because the BBC prides itself on not making spelling or grammatical mistakes. Now, where did I put my Homes Under The Hammer box set?

 

What is the future of encryption?

January 31, 2012

One of the first meetings I did in this job was with nCipher, where the concept of encryption was explained to me.

Now you could argue that I should have just sat down and read the Whitfield/Diffie paper or talked to the founders of RSA, but a lot has changed in the three years since then. Not just to me either; nCipher was subsequently acquired by global defence company Thales and, following other acquisitions, Thales is now one of the primary encryption firms.

The main function of nCipher was SSL technology with databases with built-in encryption and support offered for cryptography. Sitting with Thales's director of product management Mark Knight, and strategy manager Steve Brunswick, both from the Information Technology Security division, I asked them if encryption had changed since 1976.

Knight said that one of the challenges for businesses is how to retro-fit end-to-end encryption and how to improve security without affecting the user so it is as transparent as possible.

“Technology is making encryption transparent. If you know you are using it then it has gone wrong,” said Knight.

One area where encryption has evolved is with mobile payments. Brunswick explained that a credit card chip has moved into the phone SIM card. “In the past, a factory would create a card with data from a tape from the provider, but with cryptographic details added to the account it is then added to the card. With the Global Standards platform, the cryptographic element is not in factory but over the air,” he said.

“With our hardware security module (HSM), within the SIM there is security but the domain is owned by the mobile network operator so you can use traditional push commands to set up a secure channel, and send a message that the application can run on the ‘card'. The bank has the server and an HSM attached, so the contact comes from the HSM and secures the message so the bank doesn't need to know anything about how the message gets to the phone.”

Knight commented that with end-to-end encryption, the bank has the data, but everyone should be hiding opaque information – although fitting this sort of technology is proving to be difficult.

Brunswick said: “Protecting a password with encryption is done everywhere. PCI-DSS says you need to protect data but does not say how to.”

A key area for chip-based security is in the US; Knight said this is a major case for retro-fitting, with a move to issuing and accepting chip cards getting closer.

Knight said: “A step to mobile payments is not about making payment cards more secure, contactless mobile card payments use the same standards. In the phone, the SIM connects to the near-field communication (NFC) chip via a single wire protocol to make the SIM look like a contactless card, so you can make a payment.

“We have got to see a communal relationship between the bank and retailers as the technology is ahead of the market.”

A Forrester report commissioned by PayPal last year said that by 2016, UK mobile retail sales will reach £2.5bn, and consumers will be able to leave their cash at home and use their mobile "as the 21st century digital wallet".

Brunswick said this capability is not one of technology as it is already there – 2011 saw industry groups created and the first real mobile payment applications – but people are now investing more in security for the big push towards this reality.

“With mobile payments, the operator doesn't want a cut of the transaction, they want the data of users' shopping habits so they can give them offers. This is all aligned in a single application,” he said.

 

Anonymous hits out at martial arts group after 'cowards' taunt

January 31, 2012

The president of martial arts body the Ultimate Fighting Championship (UFC) almost ‘did an HB Gary' last week when he called Anonymous "cowards".

Initially, president Dana White wrote a tweet to the Anonymous news feed ‘YourAnonNews' that accused the group of hiding "behind a screen name".

The hacktivists responded by breaching the UFC's official website and defacing it; White responded in turn by telling reporters at USA Today that the group should "keep hacking our site" and encouraged them to "do it again. Do it tonight".

He said: “You know what's happening? These guys look like terrorists now, and a bill that was about to die is about to come back. I'm not afraid of the internet. I love the Internet. It's fun to get on there and cruise around and stuff. I'm not afraid of you. You want to keep hacking our site, go for it. Watch what happens. You're hurting yourself.”

UFC parent Zuffa is a supporter of the US's proposed Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA).

According to USA Today, the attack redirected the UFC.com domain to other sites multiple times, although servers that hold the company's data were not penetrated.

In a statement, the UFC said: “The UFC.com website was redirected by a criminal hacker to another website. The UFC website was quickly restored to the control of the UFC and there is no evidence suggesting that any confidential information belonging to the company or its customers was compromised.

“UFC representatives are continuing to investigate the matter and are working with law enforcement agents to prosecute those involved.”

Anonymous has also released personal information on White, including his social security number. Softpedia reported that S3rver.exe, who breached Sony Pictures, was one of those responsible for the defacement of UFC.com and UFC.tv.

The hacktivists told Softpedia that one of the two sites had at least 60 vulnerabilities, and that UFC.tv had XSS, BlindSQL Injection and other vulnerabilities. When asked about the reasons for hacking UFC, S3rver.exe cited Zuffa's president calling them terrorists. He said: "Standing up to those you deem to be weak may be at UFC's heart, and I am sure that there is little that scares their fighting machines. However in a cyber war, it is the keyboard, rather than the fist, that strikes the hardest blow and UFC can count themselves lucky for the moment, that no worse has been done."

 

Is the hybrid cloud a hybrid threat?

January 30, 2012

Radical changes in the way business stores its data are looming, with massive implications for data security.

New Forrester research shows that 66 per cent of businesses are moving their desktops, servers and data into the relatively uncharted territory of the hybrid cloud. Recent events have made it clear that moving sensitive data into the cloud is not a silver bullet and will require a new awareness of the threats that need to be addressed before implementing a cloud storage strategy.

When a disgruntled employee recently succeeded in wiping out an entire season of a major US TV show, we saw how outsourcing sensitive data can render a business vulnerable to the security models of the service provider, while Amazon's notorious data-loss incident illustrated the inherent risks associated with keeping masses of vital information in a single repository.

With Microsoft's recent warning to the EU that the Patriot Act now renders its citizens' personal data vulnerable to seizure, we saw the potentially troubling implications of moving data outside national jurisdictions.

At its best, the public cloud is the epicentre of personal empowerment and the globalised information age; a vast, instantly accessible, global pay-as-you-go pool of corporate consciousness, which can be shrunk or expanded, accessed or updated on demand from any location.

With information set to become ‘the oil of the 21st century' and mobile multi-national workforces spreading endpoints far and wide, it is clear that there can be no return to the days of fixed-endpoint data repositories.

Businesses now want to adopt a ‘pick and mix' approach, utilising the complementary benefits of different cloud models. The cost-saving benefits of the shared cloud-space, in terms of cheaper apps and limitless scaleable storage space, can be combined with the legal benefits of local clouds and the security benefits of private clouds, enveloping sensitive data in an on-site cocoon.

The hybrid enables cloud models to be moulded to the needs of differing industries and businesses, from companies trading information that require instant data recovery to ensure business continuity in the event of a disaster, to regulated industries that require some information to be stored within their own premises, and businesses requiring data space that can be rapidly scaled up or down in sync with fluctuating demand.

With private clouds increasingly being adopted in tandem with public-cloud models, virtual-machine sales were already outstripping sales of physical servers by 2009. A Microtrend 2011 survey found many businesses were using all three cloud models almost equally.

The next generation of hybrid clouds and the rapidly multiplying array of user endpoints are spawning a deadly new generation of security threats. The expanding cluster of mobile devices and cloud models is leading to an increasing fragmentation of corporate data across multiple clouds and devices with different types of data protection, placing corporate data at the mercy of vastly different security models.

A third (33 per cent) of businesses already support mobile operating systems, and many businesses already make corporate information available through tablets, yet 66 per cent of businesses polled by the Ponemon Institute had recorded mobile device losses in the past year alone.

The modern ecosystem of mobile devices interconnected with multiple cloud models creates an interdependency between cloud providers, businesses and end-users with alarming implications. Imagine a scenario where an employee using mobile device support could have both the corporate data and personal data stored on their phone accessed by anyone who hacked into the cloud provider.

Conversely, if the employee later misplaced their tablet, it could provide root-level access to sensitive business data stored in private or public clouds and available through easy-to-use apps. Also, employers are at risk of prosecution if they wipe personal data stored on employees' tablets when attempting to remove corporate data.

With 40 per cent of businesses planning to manage hybrid clouds through in-house teams, the implementation of data-security policies across different cloud models, devices and tiers of data could become an admin nightmare for corporate IT staff.

Businesses need solutions which can safeguard fragmented corporate data across multiple devices and clouds in line with corporate policy. Yet companies are currently adopting only patchwork solutions, which fail to take into account the abundant array of security threats.

Datacastle's RED software automates the process of integrating all business data-security policies through a central policy framework, by combining remote deletion, remote port-locking, automatic encryption, device trace, automatic backup and data restore through a single agent, tailored to the policy needs of the organisation and designed for a hybrid-cloud model.

A unified cloud-computing infrastructure will only help business get the best out of cloud technology if it can be protected under the umbrella of a unified security framework.

Gary Sumner is CTO and founder of Datacastle

 

APT: more than a buzz-phrase?

January 23, 2012

In a presentation last week, Barclaycard head of payment security Neira Jones said "every time someone says APT, an angel dies in heaven".

Aside from the unseasonal Clarence-isms, is it the case that people are tired of hearing buzzwords, abbreviations and acronyms without any real clear explanation as to what they actually mean?

When I talked last week to Graham Nash from Fortinet, he used the more PC term of 'targeted attacks', but said that often people have their own definition of what an APT actually is. He claimed that what was seen in 2011 was not a revolution, apart from the new term and concepts; rather it is the availability that has changed in the past 12 months.

He said: “Look at the key components and challenges; there is the attacking engine and crimeware-as-a-service that enables more and more people to be able to do this. In 2012 I see mobile becoming a factor too.”

Nash said the APT was often carried out following a "long gestation period" and attackers will "always find a victim", with phishing or spam messages often just precursors that deliver some malware or get an endpoint to be part of a botnet, in order to figure out a weak link in the chain.

I asked Nash if he felt then that the APT, or targeted attack, was a tool in cyber warfare. He said: “Look at the key components and motives on cyber attacks: money; geo-politics; companies; and hacktivism.

“Attacks can be high-risk and low-cost with denial-of-service or ransomware, so from an eco-politics point of view, a website can be taken down and, at worst, that is a branding problem. However, using ransomware is a risky way of doing things from the attacker's perspective, as there is no easy way to extract money and the attacker needs a method of protection for them and their assets as they do need to cover their tracks, identity and location.”

Looking forward to the rest of 2012, I asked Nash if he felt that there would be any changes from a hacker's point of view. He believed that there would be attacks on new versions of Flash or Windows and new vulnerabilities, as well as more activity as part of the evolution of threat versus mitigation.

“Also, 2011 showed that no one knew what an APT was and did not understand it. 2012 will be when companies do something about it,” he said.

“Cyber crime is costing the UK economy £27bn a year, and the key thing is at enterprise level, about what companies are doing and how they are incorporating the threat and cyber crime into their overall risk management and security controls. That will have a major impact on how much APT is taken seriously.”

So it does still remain a buzz-phrase, but APT (or targeted attack) is something to consider when assessing your risk profile, as Nash said. Yet it has the abbreviation status that can put some people off, and it may be time for researchers and writers to be a bit more serious on this subject.

 

2012: Crumbling trust in tech?

January 23, 2012

Through 2011, trust in a number of technological protocols, devices and companies came under attack.

We saw hacking collectives shout about their exploits on Twitter, high-profile companies suffer severe data thefts and entire governments come under attack from hackers. Clearly none of these security threats were new in themselves, but public awareness of them reached an all-time high, and the trust and confidence of users became increasingly fragile commodities.

2012 looks set to continue to test trust – and companies are going to have to work very hard to rebuild and retain the user confidence that is crucial for them to function.

For both individuals trusting the sites they visit to be genuine and organisations trusting the reliability of their certificate issuers, trust in the security and authenticity of the internet is paramount.

This trust came under particular attack in 2011, with the secure sockets layer (SSL) protocol demonstrated as badly implemented, and the website certification industry hit repeatedly.

Both DigiNotar and Comodo were hit by malicious hackers, KPN Corporate Market discovered a security breach that may go back four years, and Microsoft revoked trust in DigiCert Sdn. Bhd on the basis of poor security practices. This shows that the system is already untenable.

Quite rightly, authorities are already looking for stricter governance of this system, with the CA/Browser Forum approving baseline requirements for SSL/TLS certificates. Subjects including verification of identity, certificate content and profiles, certificate authority (CA) security, liability, privacy and confidentiality will be subject to best practice baselines, with a July deadline for implementation.

But the intractable issue is that there is no organisation sitting above the reams of CAs that are, ultimately, dealing in trust and confidence. There are more than 1,500 of them, it's complicated and convoluted and there's no overriding standard of security or quality.

Ultimately, it's far too easy for an organisation to become a CA. So what value is being placed on trust? Far greater transparency and clarity is required, with the security standards that CAs attain made public. If providers want to be trusted they not only need to unite, agreeing standards of security and scrutiny, but also undertake rigorous external audits and publicise the results.

Greater clarity also needs to be provided for the end-users who run the risk of their data being silently decrypted via earlier versions of TLS, or accidentally using websites that have been issued with false certificates. If diversity online is to be maintained, the confidence of those end-users is crucial.

What certificate authorities, websites and mobile device manufacturers have in common is that for most businesses they are third-party suppliers, companies whose goods or services have a direct connection to other organisations, but whose security procedures are out of reach.

It is not sufficient for organisations to strengthen their own security procedures and policies. If they do not also validate the security of those suppliers that may provide easy access to contact details or sensitive data, then a back door is being left open.

It is the fragility of third-party security that, ultimately, means that generating and sustaining trust is going to be vital in 2012. Whether manufacturers or service providers, businesses or governments, all organisations must not merely be secure, but be seen to be secure.

Rob Cotton is CEO of NCC Group

 

There's space in SIEM for a new Alien

January 19, 2012

Think all security information and event management (SIEM) vendors are owned by big businesses?

This week I met with a new vendor in the SIEM space that has undergone a major expansion with the recruitment of some seasoned security professionals. Founded in Spain in 2002 and now based in California, AlienVault began with an open-source technology, with a commercial version following a few years later.

Executive vice-president James Yares said this commercial version was created to handle capacity and volume. “The value of the company is to be democratic and make it available to everyone, its roots are in open-source SIEM and to support and enhance that, and we continue to work with the open-source SIEM,” he said.

Rather than speaking as the old corporate head, Yares was in his fourth week at the company, while senior vice-president of international sales Richard Kirk was in his third week. Both men were previously at Fortify, and moved on following the acquisition in 2010.

Also joining them are former Fortify chief products officer Barmak Meftah as president and chief executive officer and Fortify founder Roger Thornton, who assumes the same position as chief technology officer.

John Richardson, formerly vice-president of finance at HP Fortify, will serve as vice-president of finance and administration. Jack Marshall, formerly vice-president of customer success at HP Fortify, will become vice-president of customer success, while Gail Boddy, former vice-president of human resources at HP ArcSight, will have the same role at AlienVault.

AlienVault will continue to be led by co-founders Julio Casal and Dominique Karg, who will be general manager of the new MSSP business unit and lead of the open-source SIEM community as chief hacking officer respectively.

Yares told me that AlienVault enables users to deploy and operate cost-effective unified security management solutions for better threat management and easier PCI/SOX compliance, while its solutions come integrated with sophisticated open-source security tools such as Snort, OSSEC, OpenVAS, ntop, Nagios and NetFlow.

The past 18 months saw most SIEM vendors swallowed by IT powerhouses, with NitroSecurity now part of McAfee (therefore Intel), Q1 acquired by IBM and, perhaps most notably, ArcSight acquired by HP.

Yares said the SIEM market is "well-established and growing quickly", and while other vendors have been bought up and it was a "ton of fun" to be acquired, it was now their job to grow a new company and make it valuable.

He said: “What we always hear from CISOs is that there is value in SIEM systems and they have stuck with the AlienVault design and what comes with it. They like how it is engineered and how its sensors make use of the open-source computing and the fast time to deployment.

“It is deep technology that others do not do and an example is its reporting capabilities. Some users have said that they put it in to see what is in the network. With this there is an opportunity to grow rapidly.

“We have had 160,000 downloads of the OSSIEM; we find that people download enough to get going and enable security teams to learn about SIEM to use it.”

Kirk said: “This was built for open source so we have had to make it so it works from the ground running, but we will continue to take advantage of our open-source roots.”

AlienVault later confirmed financing of £5 million from Trident Capital with participation from existing investors Adara Venture Partners and Neotec. Trident Capital has a track record of building successful cyber security companies including: AirTight Networks, BlueCat Networks, HyTrust, Qualys, Solera Networks, Voltage Security and Sygate.

Trident managing director J. Alberto Yepez is appointed as chairman of the AlienVault board, while Trident principal Michael Biggee also joins the AlienVault board of directors.

AlienVault said that the funding will be used to accelerate research and development and aggressively expand sales and marketing to meet increasing demand for unified security management from around the world.


The company has already staked its case in 2012 with research on attacks, and if you can overlook the brands that are now part of a portfolio, there is a space ready for AlienVault.

 

It started with a memo

January 16, 2012

Yesterday marked ten years to the day since Microsoft founder Bill Gates sent an internal memo that led to the foundation of its Trustworthy Computing division.

The original memo is available here, but to summarise, Gates called Trustworthy Computing "the highest priority for all the work we are doing" and said "we must lead the industry to a whole new level of Trustworthiness in computing".

The concept was about more than trust and simple security, it was about capability; and, as Gates said, the 9/11 attacks and disruptive malware "reminded every one of us how important it is to ensure the integrity and security of our critical infrastructure".

With foresight of which HG Wells would have been proud, Gates said: “Computing is already an important part of many people's lives. Within ten years, it will be an integral and indispensable part of almost everything we do. Microsoft and the computer industry will only succeed in that world if CIOs, consumers and everyone else sees that Microsoft has created a platform for Trustworthy Computing.”

He also said that "eventually our software should be so fundamentally secure that customers never even worry about it". Well, we would like to think that it is, but has that actually been achieved? Of the key aims of the Trustworthy Computing project, Gates said it should include: availability; privacy; and security.

With regard to the latter, he said: “The data our software and services store on behalf of our customers should be protected from harm and used or modified only in appropriate ways. Security models should be easy for developers to understand and build into their applications.”

He also claimed that "our products should emphasise security right out of the box and we must constantly refine and improve that security as threats evolve"; he referenced changes in Outlook to avoid email-borne viruses, with any possible privacy compromise issues resolved first, as well as intention to better protect important data and minimise downtime.

“These principles should apply at every stage of the development cycle of every kind of software we create, from operating systems and desktop applications to global web services,” said Gates in 2002.

According to Threatpost, Microsoft held a small conference in Redmond on what it then called "trusted computing" ahead of the memo being sent, where software security experts discussed the principles and concepts that were the foundation of building more secure software. In the months following the memo, Microsoft began internal changes designed to refocus its developers on the idea of building secure software.

Yes, this led to some products being slower to market, but Microsoft saw the importance of building secure products – look at the long wait for Windows 8. Trustworthy Computing now focuses primarily on its monthly bulletins released on Patch Tuesday, identity and access management and the development of IT concepts, to name just a few.

My last direct dealing with Microsoft Trustworthy Computing was when I met with its general manager of communications, Adrienne Hall, at RSA Conference Europe, where she was evangelising on the future of the cloud.

It was not a great call to arms or a directive for all of Microsoft's staff to down tools and be more secure, but more about Gates's vision on the future of secure software and how his brand had to be a leader.

Threatpost suggested that the memo created widespread acceptance that software security needed to be a top priority, and I would suggest it did more: it began a revolution that affected businesses around the world and the man on the street. It led to the industry as we know it today and Microsoft remaining as one of the most important cogs in IT and security.
 

Are QR codes the next spam frontier?

January 10, 2012

Warnings have been made about Quick Response codes as they begin to be impacted by cyber criminals.

A QR code is a two-dimensional matrix barcode and, when scanned by a camera phone, will link the user directly to the mobile web, usually a social media site, online video or promotional page.

Websense said its ThreatSeeker Network has begun to spot spam emails leading to URLs that use embedded QR codes. In the cases spotted, a spam email arrives with a URL; if clicked on, a QR code appears and, if a user scans it, it leads them to pharmaceutical spam.

Elad Sharf, security researcher at Websense Security Labs, said: “We've been looking at QR codes as a potential malware/spam route for a while now. Inherent in the design is a level of trust and novelty that can be abused.

“In many ways it was just a matter of time before we saw spam messages point to URLs that use embedded QR codes. This is a clear movement and evolution of traditional spammers towards targeting mobile technology.”

Paul Vlissidis, technical director at NGS Secure, an NCC Group company, said the concern with QR codes is that control is taken out of users' hands and there is no indication on the code of the URL you are being transferred to, so there is no way of checking in advance whether it is genuine.

“Even more worrying, while a computer will warn you if you have clicked on a link to an unverified site, a smartphone will take you there directly. QR codes on billboards are surprisingly easy to manipulate, all it takes is for a fraudster to place a sticker over the existing code, and unsuspecting users can be directed anywhere. Malicious sites can start downloading malware to a device without buttons being pressed or files opened,” he said.

One notable attack via QR code took place in Russia in 2011, where a Trojan disguised as a mobile app called ‘Jimm' was installed and started to send a series of expensive text messages that cost users £4 each. Paul Henry, security and forensic analyst at Lumension, said QR codes take URL obfuscation to the next level, particularly at a difficult time when malicious URLs continue to be a problem.

The problems with shortened URLs have been well documented, but could this be a new tactic that industry is falling behind? James Lyne, director of technology strategy at Sophos, said "convenience consumer technologies" are opening up new vectors of fraud; QR codes manipulated simply with a sticker over a corner of a legitimate code will direct the user to a spam site or worse.

A study by Chadwick Martin Bailey and iModerate Research Technologies found that around half of 1,200 consumers interacted with a QR code when they saw one, with 21 per cent then going on to share personal information. Curiosity and information-gathering were the primary reasons for wanting to scan a code, and the promise of discounts and special offers seemed to be the most effective way to generate interest.

Claus Villumsen, CTO at BullGuard, said: “While these are primarily used as a marketing tool for advertisers so customers can get more information on products or services, cyber criminals know that services that pique interest or offer ‘special deals' are often prime targets for spreading malware, stealing identities and phishing for personal information.

“In other words, QR codes make things run faster and easier, but they can also pose a threat to your mobile security.”

BullGuard recommended using a mobile QR code-scanning app that previews URLs and to avoid scanning suspicious codes and links that do not match the adverts they are incorporated into.

This is going to be a tricky one for security vendors to mitigate – it is being driven by marketing departments keen to embrace a clever new technology, and public adoption is hard to control. Perhaps this just needs better application development as BullGuard suggests, before it gets out of hand.
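One way a scanner app could implement the URL preview BullGuard recommends, as an added example that is not from the article or any vendor: it shows the real destination host of a decoded QR payload and lists reasons to pause, including a mismatch with the brand on the advert. The function name, the shortener list and the sample payloads are assumptions constructed for illustration.

```python
"""Preview a decoded QR payload before opening it (added example)."""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumption: a short illustrative list of link-shortening hosts; a real
# scanner app would maintain its own.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}


@dataclass
class Preview:
    display: str                       # what the user sees before opening
    host: str = ""                     # destination host, empty if not a web link
    warnings: list = field(default_factory=list)

    @property
    def open_without_prompt(self) -> bool:
        """True only when nothing about the payload needs a second look."""
        return not self.warnings


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def preview_qr_payload(payload: str, expected_domain: str) -> Preview:
    """Describe where a scanned code leads and why the user might not go there.

    expected_domain is the site the surrounding advert claims to belong to.
    """
    text = payload.strip()
    try:
        parts = urlsplit(text)
    except ValueError:
        return Preview(display=text[:80], warnings=["payload is not a parseable URL"])

    # QR codes can carry actions other than web links (SMS, calls, Wi-Fi setup).
    if parts.scheme not in ("http", "https"):
        scheme = parts.scheme or "none"
        return Preview(display=text[:80],
                       warnings=[f"not a web link (scheme: {scheme}); confirm the action"])

    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower().strip(".")
    warnings = []
    if not host:
        warnings.append("URL has no host")
    if parts.scheme == "http":
        warnings.append("plain http: the page can be altered in transit")
    if parts.username is not None:
        warnings.append("text before '@' is a login name, not the destination")
    if _is_ip_literal(host):
        warnings.append("destination is a raw IP address")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host name: check for look-alike characters")
    if host in SHORTENER_HOSTS:
        warnings.append("shortened link: final destination is hidden")
    # Suffix match on a dot boundary, so brand.example.evil.test does not pass.
    if host and host != expected and not host.endswith("." + expected):
        warnings.append(f"host is not part of {expected}, the brand on the advert")

    display = f"{parts.scheme}://{host}{parts.path[:40]}"
    return Preview(display=display, host=host, warnings=warnings)


# Constructed sample payloads, as a scanner might decode them from a poster.
SAMPLES = [
    "https://www.brand.example/offers/spring",
    "http://bit.ly/abc123",
    "https://brand.example@198.51.100.7/login",
    "https://brand.example.evil.test/",
    "smsto:00000:JOIN",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = preview_qr_payload(sample, "brand.example")
        print(result.display)
        for warning in result.warnings:
            print("   !", warning)
```
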

 

Three steps to ensuring BYOD doesn't lead to BYOT (bring your own threat)

January 09, 2012

As many organisations rush to adopt technologies that enable their workforce to be more mobile and satiate user demand that IT support mobile devices, security often becomes an afterthought.

In this bring your own device (BYOD) environment, enterprises are struggling to lock down an ever-growing number of endpoints. So how can you give users the flexibility they want while maintaining the utmost security? These are the three basic steps that you need to take into account:

Adopt mobile management solutions that provide tiered functionality

Provide yourself with the capability to quickly lock down any and all devices that are assigned to a user. The first level of capability should be immediate blocking of specific devices from corporate data, if they pose a threat.

Additionally, remote wiping capabilities should be a level-one capability for devices that are out-of-policy, non-compliant, include active threats or are lost or stolen.

Emphasise broad platform support and policy configuration

Rather than viewing support at a device level (there is no way you can support every gadget out there), focus on supporting far-reaching platforms (i.e. Android encompasses a number of phones and tablets; iOS includes iPod Touch, iPad and iPhone). Also, leverage policy-based functions that allow you to set a precedent for which devices/operating systems are allowed in the network and what they are able to access.

In many instances, these policies can be implemented via technologies you already have in place to manage PCs. This way you don't have to invest in separate consoles, infrastructures and, in some cases, teams.

Adopt mobile management solutions that don't require active alerts by the user community

Accept the fact that some users will inappropriately bring new devices into your corporate environment, as well as expose current devices to unsecured networks.

In this case, you will need solutions that employ agentless discovery capabilities. This will enable you to proactively intercept all devices and take defined actions concerning access and control between those devices and the rest of your infrastructure.

Devin Anderson is product line manager for LANDesk security suite

 