T 1.15 Degradation due to changing application environment

Mobile data media and devices are used in a very wide range of environments and are therefore subject to a number of threats due to the environment. These threats include, for example, damaging environmental conditions such as excessively high or low temperatures as well as dust and moisture. Other problems resulting from the portability of the devices include, for instance, damage caused during transport.

Another important aspect of mobile data media and devices is that they are also used in areas which have different levels of security. In some environments, the user knows which level of security is provided, but may not in others. In addition to portability, the ability to communicate with other IT systems is also a reason why PDAs, laptops, and other mobile devices are used. For this reason, the problems that could be caused by interacting with other IT systems must also be taken into consideration. The trustworthiness of the IT systems in the organisation itself can be estimated to a certain extent, but it is difficult to estimate the trustworthiness of an unknown environment. Communication with unknown IT systems and networks always poses a potential threat to your mobile system, its applications, and its data. When establishing contact with other IT systems, for example, computer viruses or Trojan horses can also be transmitted.

When returning with mobile data media and IT systems, it is therefore always necessary to ask where the USB stick, PDA, or laptop has been and to follow the corresponding precautions.

Another problem arising when using external infrastructures, for example when downloading information at trade shows, is lack of transparency frequently encountered in the services offered.. Many service providers collect customer data to create profiles so, on the one hand, they can offer services that are better tailored to their customers, but also so they can sell this data to other providers. For example, profiles could be created solely by evaluating the information on where the user was and how the user communicates (which services are used when, how often, and with whom). Even applications that run entirely on the mobile end device may collect data (e.g. on the frequency and type of use) and then send the data as soon as the device goes online.

Mobile data media and devices are lost or stolen all the time. The smaller and more popular such devices are (as is the case with PDAs), the greater the risk of them being stolen. In addition to the loss of the media or device, further damage can be caused by the loss and/or disclosure of important data.

© Federal Office for Information Security. All rights reserved.