Tips for mobile device security

Smart phones are emerging as a vital tool in the enterprise IT armory. The Morgan Stanley Mobile Internet Trends report estimates that during 2010, smart phone sales will outstrip sales of netbooks and laptops, and will overtake the entire PC market (including desktops) by 2012. So what is the impact on IT managers? With more devices in use as mobile computers, accessing corporate files on a daily basis, mobile devices present major security risks. To ensure that they are not a threat to your organization, read our eight tips:

1) encrypt your links
Virtual private networks are generally considered vital in the fight against online snoopers, especially when connecting across the public Internet. Ideally, ensure that any VPN solution used includes strong authentication. Popular solutions include SSL VPNs and IPSec VPNs.

2) encrypt your content
Laptops and mobile phones are both susceptible to loss and theft. Encrypting the content on them is critical to stop the data that they contain falling into the wrong hands. For laptops, use full disk encryption, so that files stored in the wrong place are not left unprotected by mistake. Any mobile phone platform targeting an enterprise environment should be able to encrypt information stored locally, and the BlackBerry, for example, can certainly achieve this. However, some reports suggest that not all vendors’ implementations of mobile device encryption are adequate, so research your encryption choices wisely.

3) manage your people, not just your technology
VPNs are useful when it comes to stopping others from sniffing your users’ packets across public networks. But they will not help when users do things that they shouldn’t. Common mistakes include dragging and dropping files to laptop desktops and devices, and failing to encrypt them, or even worse, mailing the files to themselves using webmail services. Ensure that users are aware of the appropriate behaviors for mobile device usage, and reinforce them with regular training. Ideally, enforce those policies where possible, using technologies such as data loss prevention, which can prevent users from mailing sensitive material to themselves, or from copying server data to a mobile device’s local store.

4) create technically-enforceable policies for different users and devices
Different types of connection may entail different risks. Public Wi-Fi, for example, is less secure than an encrypted cellular connection, or a link from a branch office to head office via a private WAN connection. Different users, too, will have different requirements. The senior VP of sales is likely to require access to more information than a marketing assistant. So invest in a system that can impose different security policies according to these varied parameters.

5) use network access control to protect your network
Ensure that devices are checked by a server within the infrastructure when they access the network either remotely or from inside the physical LAN. This can stop them from infecting the network with malware that they have picked up while outside the organization. It can also be useful for unmanaged devices not owned by the organization, such as contractors’ PCs. Unmanaged devices, and those with out of date patches, can be placed on a quarantined, limited functionality part of the network so that they cannot cause damage to other endpoints or servers in the infrastructure, but can still take advantage of certain core capabilities such as Internet access.
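The policy decision described in tips 4 and 5, sketched as an added example (not code from the original article or from any product it names): one function combines link type, user role and device posture, and sends unmanaged or unpatched devices to a quarantine segment with Internet access only. The role names, resource names, the rule that public Wi-Fi without a VPN is refused, and the rule that unencrypted devices get only baseline resources are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed roles and resources; a real deployment defines its own.
ROLE_RESOURCES = {
    "senior_vp_sales": {"email", "intranet", "crm", "sales_forecasts"},
    "marketing_assistant": {"email", "intranet"},
}
BASELINE = {"email", "intranet"}      # assumed low-sensitivity resources
UNTRUSTED_LINKS = {"public_wifi"}     # tip 4: less secure connection type
TRUSTED_LINKS = {"cellular", "private_wan", "office_lan"}
QUARANTINE = {"internet"}             # tip 5: limited-functionality segment


@dataclass(frozen=True)
class Device:
    managed: bool          # owned and enrolled by the organization
    patches_current: bool  # posture check result at connect time (tip 5)
    disk_encrypted: bool   # local content is encrypted (tip 2)


def decide_access(role: str, link: str, vpn: bool, device: Device):
    """Return (segment, allowed_resources) for one connection attempt."""
    if link not in UNTRUSTED_LINKS | TRUSTED_LINKS:
        return "deny", set()          # unknown link type: fail closed
    if link in UNTRUSTED_LINKS and not vpn:
        return "deny", set()          # assumed rule: tunnel required (tip 1)
    # Unmanaged or out-of-date devices are isolated rather than refused,
    # so a contractor's PC still gets Internet access.
    if not device.managed or not device.patches_current:
        return "quarantine", set(QUARANTINE)
    resources = ROLE_RESOURCES.get(role)
    if resources is None:
        return "deny", set()          # managed device, unrecognized role
    allowed = set(resources)
    if not device.disk_encrypted:
        allowed &= BASELINE           # assumed rule: no sensitive data locally
    return "production", allowed


if __name__ == "__main__":
    healthy = Device(managed=True, patches_current=True, disk_encrypted=True)
    contractor_pc = Device(managed=False, patches_current=True, disk_encrypted=False)
    print(decide_access("senior_vp_sales", "public_wifi", True, healthy))
    print(decide_access("marketing_assistant", "public_wifi", False, healthy))
    print(decide_access("contractor", "office_lan", False, contractor_pc))
```
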

6) virtualize your endpoints
The easiest way to protect a mobile device such as a laptop from harm is to use virtualized software that can be replaced easily, and which can be shielded from the system’s underlying resources. This can be useful if, for example, you are resigned to employees using their systems for personal pursuits at home, in addition to work tasks. They could be required to log into a virtualized operating system that contains no access to work resources when they want to play games or use their personal webmail, for example. This could enable the IT department to install a ‘crippled’ virtual operating system with locked-down functionality that enables them to access only the work resources that they need (all web sites other than the internal intranet could be blocked).

7) patch in the field
An unpatched mobile device is a dangerous mobile device. It is vital that administrators keep devices patched, but the problem is that many devices are rarely brought back to the office. The ideal scenario is to send updates to devices remotely, so that they can be kept up to date wherever the user happens to be. Choose a system that enables this patch management in the field, and which ideally integrates with change management processes, so that stakeholders can approve changes and have them pushed to remote devices quickly and efficiently. Solutions such as Orange Business Service’s Secure My Device handle over-the-air patching with bandwidth control, so that a user’s productivity is not interrupted.

8) get up to speed on asset management
Managing your mobile devices requires that you know what you have. Given the tendency of mobile devices (especially phones) to proliferate within an organization, it can be easy to lose track of what’s in the field, and therefore what’s reconnecting to the network. Be sure that your organization has a suitable asset management process in place, so that you know how many devices you’re dealing with, what they are, and which employees own them. This will also help when it comes to managing remote patches and wiping procedures.
