Thursday, May 1, 2008

Smartphones: productivity booster or security time bomb?

.FLYINGHEAD ENTERPRISE SECURITY
.TITLE Smartphones: productivity booster or security time bomb?
.AUTHOR Mike Temporale
.SUMMARY How can you secure your enterprise’s mobile phones? In this interesting article, Mike Temporale discusses some options that take security responsibilities away from the end-users and give them to the IT staff.
.OTHER
We learned a long time ago that protecting the desktop in the enterprise is not a job that should be left to individual computer users. Most end users really don’t care about anti-virus tools, firewalls settings, spyware removal, folder permissions, data encryption, and all the other security concerns that come along with operating a fleet of personal computers in today’s enterprise environment.

They should, but they often don’t.

Why should mobile devices be any different? As mobile devices become more powerful we are seeing an increase in how mobile devices are being used to automate and streamline business. Be it a mobile phone, handheld scanner, laptop, or even a specialty device like a cash register or banking terminal, relying on the end user to secure the device and keep it safe from malicious programs and prying eyes is a recipe for disaster.

.TEASER If you want to avoid unauthorized access and increase security, tap here and read the rest.

.H1 Unauthorized access
IT departments are enabling push email to the company’s mobile devices. This allows employees to get their corporate emails anywhere and at any time, therefore empowering employees to respond to issues before they get out of hand.

Here’s a scenario. What happens when an employee walks into the neighborhood electronics store to shop for a new device and enters their company’s email settings into two or three devices to compare the built-in email applications on the devices? Those devices now have a connection to the enterprise mail server but are not covered by any management tool and have no security configured.

One solution is a mobile device management tool that allows you to push SSL certificates to authorized devices before the device can be configured to connect to the enterprise mail server. This would help prevent the unauthorized access. It would also save labor and time, because devices are configured automatically instead of IT staff sitting down with each user to configure settings individually.

.H1 Securing data on the device and on removable storage
The prevalence of large capacity removable memory cards has changed the type and amount of data people are willing to carry on their devices. A basic wipe policy is no longer adequate protection against the risk of lost or stolen data — especially when the delivery of the wipe is not assured.

Ensuring that corporate data is protected at all times is something the end user may not be concerned about or have any control over. Leaving the setup and configuration of device side security and file encryption to the end user of the device would spell certain doom if the mobile device was ever lost.

When selecting a tool to manage your devices, you need to make sure that it supports encryption of the mobile device’s onboard storage memory and not just the storage card. Expecting the end user to only save documents to the storage card is unrealistic.

Most users don’t even know where a file is saved on the device. Strong encryption algorithms combined with remote setup and configuration capabilities are the only way to ensure that all devices and data are safe.

.H1 Securing the communication channel
An increasing number of mobile devices can be found with "always-on" data connections thanks to the dropping price of data from mobile carriers. This creates a number of new opportunities for mobile applications that can communicate back to the enterprise in real time.

It also creates an opportunity for new, always-on security risks.

While this can be a great advantage for your custom line of business applications, it can also leave devices with inadequate security open to viruses and malware. Admittedly, the current crop of mobile viruses is fairly basic and doesn’t pose too much risk. However, as it did with the desktop, the existence of an always-on data connection will drastically change the security landscape when it comes to viruses.

The user of the mobile device may not be concerned about downloading the latest antivirus solution or running a daily scan of the system. Another interesting challenge is fitting the sizable database of virus definitions onto the device.

There is another way to approach the problem of malware and viruses. You can prevent a virus from ever running on the device by using application run control with a list of approved and restricted applications.

There is no need to frequently scan the device’s file system or memory and no need to store a large database of virus signatures on your device. A simple list of approved and restricted applications and software to enforce it is all that you need.
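A minimal sketch of the run-control decision described above, added here as an illustration and not taken from any product the article mentions. The class and function names and the sample byte strings are assumptions; applications are identified by SHA-256 digest rather than file name, the restricted list takes precedence, and unlisted code is blocked by default.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"


def digest(image: bytes) -> str:
    """Identify an application by its content, so renaming the file changes nothing."""
    return hashlib.sha256(image).hexdigest()


class RunControlPolicy:
    """Hypothetical policy object: two small digest sets instead of a signature database."""

    def __init__(self, approved, restricted, default=Verdict.BLOCK):
        self.approved = set(approved)
        self.restricted = set(restricted)
        self.default = default  # what happens to code on neither list

    def check(self, image: bytes):
        d = digest(image)
        if d in self.restricted:  # restricted wins even if also approved
            return Verdict.BLOCK, "restricted list"
        if d in self.approved:
            return Verdict.ALLOW, "approved list"
        return self.default, "not listed"


# Constructed sample inputs standing in for executable images.
MAIL_CLIENT = b"constructed bytes: approved mail client"
GAME = b"constructed bytes: restricted game"
DOWNLOAD = b"constructed bytes: unlisted download"


def demo():
    policy = RunControlPolicy(
        approved=[digest(MAIL_CLIENT), digest(GAME)],  # GAME listed twice on purpose
        restricted=[digest(GAME)],
    )
    samples = {
        "mail client": MAIL_CLIENT,
        "game": GAME,
        "unlisted download": DOWNLOAD,
        # An approved binary altered by even one byte no longer matches its digest.
        "modified mail client": MAIL_CLIENT + b"\x00",
    }
    return {name: policy.check(image) for name, image in samples.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name}: {verdict.value} ({reason})")
```
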

.H1 Lost and stolen devices
Have you ever lost your wallet or purse? The time, stress and hassle involved in cancelling your credit cards and bank cards, and requesting a new driver’s license, Social Security card, passport, and whatever else might have been lost, can really seem overwhelming.

Then there is the risk of identity theft. So you’ll need to contact credit reporting agencies, the police, and other government agencies about the possible risk of identity theft. It would be so much easier if you could lock your wallet to prevent anyone from opening it and taking your information and money.

A lost or stolen mobile device can be an even bigger risk for the enterprise. It’s not just the risk of losing the data that is stored on the device, but also account/VPN information, and other data exposed over the network by client-server based applications.

.BEGIN_KEEP
Reaching out to the lost device and preventing access to the device is a key requirement for any enterprise mobile device management solution. You need to protect that information and it needs to be remotely manageable.

It’s not practical for each mobile user to have their own management console. A centralized management console means a device can be locked quickly and easily by calling the enterprise help desk. Selecting a device management tool that will work over text messaging will allow you to secure the device even if the device doesn’t have an active data connection — fast, simple, and secure.

.H1 Enterprise mobile security — a 360 degree perspective
Effective mobile security for the enterprise must provide safeguards not only for the device but for the data stored on the device and removable media, the communication channels through which the data flows when in transit, the end users who have physical access to the device, and the helpdesk or administrators who have remote access to the device.

Devices roaming nationwide over different cellular networks pose unique security challenges. Unfettered from enterprise LANs, the geographical spread of cellular-enabled mobile hardware is truly global and security-conscious administrators need to plan for — and be equipped for — the unforeseen.

.BIO Mike Temporale is a Mobile Device Management and Security Specialist for SOTI Inc (at http://www.soti.net). He has extensive expertise working with mobile devices in various capacities including programming, consulting, writing, and community involvement. Mike has been recognized by Microsoft’s MVP program as an exceptional technical community leader who voluntarily shares high quality, real world expertise in offline and online technical communities. Mike can be reached at Mike.Temporale@SOTI.net.
.END_KEEP