Enterprises Need a Tangible Mobile Device Security Plan
Large corporations are seeing a huge number of employees wanting to use their own devices or BYODs for work. There is no denying that mobile devices do make performing your job easier, more efficiently and possibly with less back problems.
As small as laptops have been getting, whenever I have to carry mine around for a couple of days, I definitely feel it. Being able to use mobile devices such as a smartphone or tablet is way more convenient. So what is the problem with that?
The problem is that these devices have entered the workforce en masse. It is not simply a matter of just using your mobile device. There are a lot of issues that the enterprise has to consider before you can use your smartphone or tablet, including application and expense issues and, possibly the most important, security issues.
IT security managers have been attempting to deal with the fast influx of devices, but most are reeling from the overload. Unless everyone has the same device, you are looking at a variety of Oss. This alone can be a nightmare. Add to that security issues, possible vulnerabilities and creating the right technology to secure all the different devices.
IT Business Edge has come out with “Guidelines for Managing the Security of Mobile Devices in the Enterprise” that break down the issues surrounding mobile device security. According to the group, security can be broken down into manageable segments such as:
- Defining Mobile Device Characteristics
- Technologies for Mobile Device Management
- Security for the Enterprise Mobile Device Solution Life Cycle
It further breaks this down into a couple of subcategories to help guide the IT security teams through developing their own device security management plan. Some of the items that should be considered are:
- Creating and enforcing a general policy
- Encrypted data communications and storage
- User and device authentication
- Restricting app stores, apps and permissions for those apps
The National Institute of Standards and Technology (NIST) has made some suggestions to ensure greater security. Basically, it warns that mobile devices must be secured against a wide variety of threats, such as losing your having your device stolen.
NIST clarifies this by saying, “The mitigation strategy for this is layered. One layer involves requiring authentication before gaining access to the mobile device or the organization’s resources accessible through the device. More robust forms of authentication, such as token-based authentication, network-based device authentication, and domain authentication, can be used instead of or in addition to the built-in device authentication capabilities. A second mitigation layer involves protecting sensitive data—either encrypting the mobile device’s storage so that sensitive data cannot be recovered from it by unauthorized parties, or not storing sensitive data on devices.”
I’m not sure, but if I have to go through 10 layers of security measures to access a document that I want to make one change to, I might just wait until I get back to the office. Somewhere I seem to have lost the convenience of BYOD or remove ads by.
There is most definitely a need to provide security for mobile devices, but as with any device, too much security or making anything too difficult to use will result in that device not being used at all. There has to be a complementary relationship with everything mentioned above.