With the introduction of cool mobile devices for the corporate world, executives feel their existing BlackBerry is out of fashion. For a while, BlackBerry devices ruled the corporate world for mobile communications. They are efficient and highly secure.
BlackBerry security is still considered the gold standard for enterprise mobile communications. However, with Generation Y taking over the corporate world, enterprise infrastructure has a hard time meeting their demand to have social networking and other mobile applications available on their mobile devices. RIM’s product is no longer the preferred choice; rather, it is now one of the options that should be available to corporate users.
There is also increasing demand among employees to use their personal mobile devices (individually liable) for enterprise use. They view pervasive wireless LAN (WLAN) and mobile cellular coverage as “must have” capabilities and consider smartphones as “must have” tools that would help integrate their personal and professional lives.
Until recently, every enterprise advertised a web address along with its products. Now, enterprise applications are showing up in mobile device application (app) stores, and mobile web addresses (for example, m.mycompany.com) are advertised along with the regular web address (for example, www.mycompany.com), increasing competitiveness.
So how do we secure such diverse devices while making them available for corporate use?
Smartphones are now rich in features, including network connectivity, ample storage space and efficient processors. Some enter your network through authorized corporate users, while others are brought in by employees who purchased them themselves.
The following are some of the security considerations for smartphones in an enterprise:
- Have a proper enterprise security policy in place for smartphones that can be applied and enforced for everyone.
- Education and training are important for awareness of such policies.
- Security policies and standards should be enforced in such a way that the use of the device is seamless to the user. While having efficient disk encryption for sensitive information, it’s also desirable to have easy access to 911 without a password.
- Smartphones used in the corporate world should have applications on a need-to-have basis. They should be treated the way we treat locked-down laptops. Each application needs to be justified by a business case.
- Ensure that smartphones cannot access your intranet directly. Have a separate network segment for their gateway and supporting applications.
- Like any other operating system, the smartphone OS needs to be updated regularly with timely patches.
- All communication from an end user of the enterprise network should be encrypted end-to-end, not just from the device to the receiving terminal. Emails, file transfers, and IM are some of the communication channels that may be considered for end-to-end encryption, based on the data classification of the information that is in scope. For highly sensitive communication, use encrypted tunnels such as VPN. This applies mostly to data streams.
- Sensitive information contained in emails and messages needs to be stored securely at the server as a backup in case the device gets stolen or lost.
- Smartphones that respond to dictionary attacks on the device’s access password are better. These devices wipe all data after a certain number of failed attempts.
- Smartphones can no longer be considered an out-of-band communication channel, as they may be part of the same network. They cannot be relied on for identity verification for anything to do with mobile devices or remote access. A smartphone with a smart card reader is a viable option for those who need to authenticate using something they possess.
- Ensure the integrity of the data and applications is maintained. A password or token-based challenge may be ideal for access to the smartphone. Have a synchronization option to back up important and critical information. The backup helps to retain such information in case of loss or theft of the device. Try to prevent installation of unwanted and malicious software on the device.
- When disposing of an outdated smartphone, ensure sensitive orphaned data and logs are completely removed first. Tools are available in the market to ensure that residual data is removed before disposal. If the device memory can’t be erased completely, destroy it in such a way that no information can be recovered if it is retrieved from the trash.