Addicted to Your Smartphone?


Research recently published by the journal Personal and Ubiquitous Computing found that users check their smartphones for new information at regular intervals, in what the researchers described as a “checking habit”. The study’s subjects said they reviewed the data on their smartphones on average 34 times a day, for less than 30 seconds per check, with checks typically occurring within 10 minutes of each other. The study’s respondents said they were not required to check their smartphones this many times during the day, but felt compelled to do so out of habit.


Organizations need technical solutions for securing access to mobile devices and their contents. These include: enabling or installing functionality, such as malware protection, firewalls, and storage encryption; enforcing complex passwords; and enabling remote maintenance, upgrades, and device wipes through a mobile device management (MDM) system. Secure disposal of smartphones and tablets also needs careful consideration – many of these devices are auctioned off, thrown away, or sent to be recycled. Information stored on a device can very easily be compromised when it is disposed of by one of these methods. As one information security executive commented, “When someone leaves, what are they walking out with?”


For laptops, there are a wide variety of solutions to choose from, but the secret is to select the solutions that best fit the needs of the business. Tablets and smartphones may have to be dealt with on a case-by-case basis as ‘commercial strength’ solutions become available. Where possible, the basics – such as patching, malware protection, software and firewalls – will need to be in place on the employee-owned device, to provide a minimum baseline of security. Virtualization (or using cloud-based virtual desktops) is likely to play a major role. By using a virtual environment, organizations can ignore the underlying device and deploy a secure environment in which the employee can work. The security of the virtualized machine and associated information can be enhanced by prohibiting the use of USB devices, printing, or writing to the device’s storage, and by deploying applications such as digital rights management (DRM) and data loss protection (DLP).


Applications and Data

Most applications on portable devices will have been purchased or downloaded from an app store or software vendor. In many cases, the provenance of the apps is unknown, and they are unlikely to have undergone formal software development and testing, or to be provided with proper documentation and an upgrade regime. The apps may also lack activity reporting and logging, and typically provide poor data protection.


Organizations need to ensure that apps used for business – and the types of data they are able to access or generate – are appropriate and properly tested. This might include going as far as developing apps in-house and building an organization’s own app store. This way, apps can be thoroughly tested and secured against malware infections. Organizations should also implement data classification to set limits on the type of data that can be accessed or generated by users on consumer devices.


Wading Through a Rising Tide


The moves toward consumerization of IT and the rise of BYOD in the workplace are real and fast-moving trends, but they should not mean a loss of control over IT resources and behavior. Information security professionals need to ensure the right guidelines, processes and procedures are in place so that information stored on or accessed from portable devices is well protected. Many people – either because of their job or role, IT experience and knowledge, or their personal outlook – may not want to mix their business and personal lives; they may not want to be ‘contactable’ at all times, or open up their devices to scrutiny by an organization. This means organizations will continue to supply IT equipment to employees. As one risk professional put it: “When we told employees that they could use their own device for work, there was considerable interest. When we told them we wanted to inspect and audit their devices, the interest almost vanished.” However, while organizations address the rapidly rising tide of smart portable devices entering the work environment, they cannot afford to stand still: now is the time to get smart about device security.


January/February 2012

