THINGS TO KNOW BEFORE YOU OPEN THE DOORS TO SMARTPHONES AND
TABLETS IN YOUR ENTERPRISE
Mobile devices such as smartphones and tablets used in the enterprise may be putting your corporate information at risk. Lost or stolen smartphones that are not password protected, or information in corporate email or business applications transmitted wirelessly but not encrypted, can all-too-easily expose confidential corporate data. Here are several key strategies to protect your enterprise mobile devices and the sensitive data they contain. In today’s business world, IT departments are under increasing pressure to support a wide range of mobile devices. iPhone, iPad, and Google Android devices are joining BlackBerry, Symbian and Windows Mobile smartphones in the workplace, and their numbers are increasing exponentially each month.While some of these mobile devices are provided to employees by the corporation, many are personally owned devices that employees are using to access corporate information. Smart businesses all around the world are embracing this trend and reaping the numerous rewards inherent in increasing mobile access to critical business data.
However, many companies still don’t have a comprehensive security plan in place to handle the influx of mobile devices seeking access to the corporate network. Corporate IT faces numerous challenges in order to provide applications and services that meet the needs of the roving workforce--and provide protection of sensitive corporate data and email stored on the mobile device.
Lost or jailbroken mobile phones, along with viruses and malware sent via mobile mail applications, can pose significant threats to enterprise information security. Mobile phones by nature are highly portable and can store large amounts of data. Since they are relatively easy to steal or lose, an unauthorized intruder can gain access to confidential information on an unprotected mobile device in the blink of an eye. Unsecured wireless transmissions can also be captured without the user ever knowing a security breach has occurred.
This white paper will outline possible mobile device security threats and review how IT can effectively manage and secure a fleet of devices, whether they are personally owned or corporate owned. By following the strategies outlined in this paper, IT managers will learn what the greatest security risks are for mobile devices and how to effectively protect end users, their devices, and the network infrastructure from attack, harm, or lost data.MOBILITY ADDS PRODUCTIVITY Mobile devices have invaded the enterprise. For example, within three days of the release of iPhone 4, Apple had sold an astounding 1.7 million devices, making it the most successful product launch in the company’s history. iPhone 4 is now distributed in 22 countries and is undeniably a global phenomenon.
As this mobile revolution occurs, enterprise support of these devices has reached critical mass. IT departments are faced with a variety of handheld units constantly connecting to an internal network that may—or may not—be equipped to deal with the security issues surrounding mobile devices. More importantly, an IT department without a comprehensive security plan has no way to ensure whether these devices are authorized to access network resources.
Whether IT is ready or not, however, users are connecting to the office network. According to a recent study, “Collaboration Needs Will Fuel A Smartphone Surge,” (Forrester Research Inc. study, published January 2010), threequarters of information workers are using or are interested in a smartphone for ork. And those employees are accessing—or want to access—corporate information. IT departments are starting to open up parts of the corporate network to mobile phones. Based on data from the Forrester Research report, “Market Overview: Smartphone Management,” almost 60% of firms provide some support to personally owned smartphones.
What these companies are realizing is that if they allow employees with personally owned devices to access corporate email and other resources, these employees will be more productive. In addition, in today’s economic times, enabling personal devices helps companies offload some of the cost of mobility in the enterprise, because users are paying for these devices themselves.
Threats to enterprise data are an ongoing occurrence. With the burgeoning number of smartphones and other
devices connecting to the enterprise, these mobile tools may be the easiest entry point for criminals to gain access to
confidential corporate information.
To lessen the threat of security breaches or loss, IT departments need to:
• Be aware of all types of threats to mobile devices, including device loss, malware, bugs, and out-of-date mobile OS software
• Create mobile governance policies that emphasize security; educate employees on how to adhere to those rules
• Use a mobile management platform that allows IT to centrally deploy, configure, and manage a fleet of multiplatform mobile devices (whether personally owned or company-purchased)
• Use mobile management tools that offer IT visibility into device status, so security breaches can be quickly and automatically shut down
• Restrict or limit known vulnerabilities, including application download, camera, Bluetooth, or Wi-Fi
• Implement a portfolio of device security tools that include alphanumeric passcodes, authentication, encryption, and remote wipe
• Control download and installation of any apps that give users access to corporate information.By following these strategies, IT managers can effectively protect end users, their devices, and the network infrastructure from attack, harm, or lost data
