This page contains a Flash digital edition of a book.
Smartphones Require Even SMARTER SECURITY


26 BY PAUL DEBEASI E


NTERPRISES INCREASINGLY rely on smartphones to improve employee productivity. Unfortunately, lack of essential


security and mobile device management introduces substantial security risks for smartphone users. In addition, many enterprises do not provide adequate governance to deal with issues such as device ownership and data leakage. This article provides best practices for enterprise mobile device and smartphone security policy development and enforcement.


Are Smartphones


a Security Threat? Smartphones represent a potentially enormous


security risk to the enterprise. A growing number of employees use personally owned smartphones to access enterprise applications. Unfortunately, many of these mobile devices were designed for the consumer. As a result, information technology (IT) teams often refuse to support employee-owned devices. This encourages users to bypass IT and to manage their mobile devices using external services such as MobileMe. The larger device storage capacity and faster cellular speeds also make it easier to store sensitive information on smartphone and mobile devices, increasing the risk associated with data leakage.


What Can You Do to


Protect Your Enterprise? Enterprises should establish a mobile device security


policy to reduce threats without overly restricting usability. Enterprises should consider the following mobile device management policies.


Define Use-Case Requirements Identify groups of mobile users with different mobile information needs. Define the use-case requirements for each group of users (e.g., field engineers need access to technical specifications, and sales personnel need access to customer relationship management software).


Create an Enforceable Mobile


Device Security Policy For each use case, define mobile device management


policies that address issues such as ownership, personal/professional usage and security. Note that policies may differ (e.g., more/less restrictive) for each of the use cases.


Adhere to Security Best Practices • Enforce strong passwords and automatic lock out rules for mobile device access and network access.


• Reset the device to factory defaults if it is lost, stolen, sold, or sent to a third party for repair.


• Perform a periodic audit of security configuration and policy adherence to ensure that settings have not been modified.


• Encrypt local storage, including internal and external memor, and enforce the use of virtual private network (VPN) connections.


• Enforce the same wireless security policies for laptops and smartphones and perform regular backup and recovery of confidential data stored on mobile devices.


• Perform centralized configuration and software upgrades “over the air” rather than relying on the user to connect the device to a laptop/PC for local synchronization.


Remove Residual Application Data Ensure that mobile applications remove all enterprise information from the device. Residual information left behind by a mobile application can present a security risk.


Evaluate Third-Party Products An increasing number of third-party products


from companies such as Trust Digital and Good Technology can help an enterprise manage its mobile devices. Evaluate how they can help simplify security provisioning in enterprises that must support smartphones from a variety of vendors.


Perform User Education Implement a continuous program of employee


education that teaches employees about mobile device threats and enterprise mobile device management and security policies. A growing number of employees expect to connect personal devices to enterprise networks in order to retrieve email, synchronize calendars and access enterprise applications. Although the enterprise may not own the device, it does own the informational assets stored on the device.


WWW.MOREDIRECT.COM


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36