By Jason Moody
All mobile-enabled enterprises risk breaches unless IT managers buttress a well-thought-out security policy with tools to enforce it. A single, comprehensive solution is simpler and less expensive than integrating point solutions, but in either case, the following seven security capabilities are essential.
1. Secure remote access
Secure remote access sets up a private, encrypted connection between mobile devices and the corporate network, making information transferred over the connection indecipherable by hackers. Such a solution should protect information in all scenarios: on the corporate campus, from a home network and from a public Wi-Fi hotspot.
2. Encryption
Encryption can protect data even if a stolen device has no password on it. If encryption is part of an enterprise workspace-based approach to mobility management—that is, all corporate data saved on the device is in a separate, application-based workspace that IT controls—then IT can manage the entire encryption process, eliminating complexity for users. With a secure workspace, as soon as a user switches to an application outside the workspace, the protected applications are automatically locked.
3. Data leakage protection
Data leakage protection (DLP) helps eliminate the intentional or inadvertent transfer of data from a mobile device. For example, DLP may allow an Excel spreadsheet to be viewed by any authorized application on the device while preventing it from being opened by or saved to any untrusted application, such as a cloud app that might utilize shared folders.
4. Remote wipe
Remote wiping provides corporate IT with the ability to access a device remotely and erase the data on it. When a workspace approach is used, IT controls and wipes only what is in the workspace. Without a secure workspace approach, IT may have the power to wipe the entire device.
5. Identity and access management
Identity and access management (IAM) validates which device is accessing the network, who the user is and where the device is located. It then allows access to specific services and data depending on the user’s role. A unified approach to accessing corporate data and applications includes an access control policy, separation of duties and single sign-on (SSO). A comprehensive approach includes both mobility and traditional on-premises access.
6. Policy management
A policy engine drives long-term security, defining users’ roles, what devices they have and what applications and data they can access under what conditions. A robust policy management solution enables IT to configure each device easily for everything employees need: access, passwords, applications, personal identification numbers (PINs), device timeout, etc.
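The access decision described under identity and access management and policy management can be written as a default-deny check over user, device, location and role. The following is an added example, not code from this article or from any product; the users, roles, services, locations, device records and the decide function are hypothetical, and all data is constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical names throughout).
USERS = {"alice": "finance", "bob": "sales"}            # user -> role
DEVICES = {                                             # enrolled devices only
    "dev-001": {"owner": "alice", "pin_set": True, "encrypted": True},
    "dev-002": {"owner": "bob", "pin_set": False, "encrypted": True},
}
POLICY = {                                              # role -> service -> allowed locations
    "sales": {"crm": {"campus", "home", "public_wifi"}},
    "finance": {"crm": {"campus", "home"}, "ledger": {"campus"}},
}


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    location: str
    service: str
    vpn: bool = False   # True when the secure remote access tunnel is up


def decide(req: Request) -> tuple:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    role = USERS.get(req.user)
    if role is None:
        return False, "unknown user"
    # Which device: it must be enrolled and bound to the requesting user.
    device = DEVICES.get(req.device_id)
    if device is None or device["owner"] != req.user:
        return False, "device not enrolled for this user"
    # Device configuration that policy management is expected to enforce.
    if not (device["pin_set"] and device["encrypted"]):
        return False, "device out of compliance"
    # What the role may reach, and from where.
    locations = POLICY.get(role, {}).get(req.service)
    if locations is None:
        return False, "service not permitted for role"
    if req.location not in locations:
        return False, "location not permitted"
    if req.location != "campus" and not req.vpn:
        return False, "secure remote access required off campus"
    return True, "ok"


if __name__ == "__main__":
    for r in (Request("alice", "dev-001", "campus", "ledger"),
              Request("alice", "dev-001", "home", "crm"),
              Request("bob", "dev-002", "campus", "crm")):
        print(r, "->", decide(r))
```

Returning the reason alongside the decision gives compliance reporting a record of why each request was refused.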
7. Compliance reporting
Compliance reporting provides easy access to everything in the mobile security environment: users, devices, applications, rights and more. This ability makes it easier to avoid and identify problems. When, for example, a new security issue is announced for a browser, IT can quickly identify which devices need patching and ensure they get patched.
With these seven security capabilities in place, a mobile-enabled enterprise is better able to provide the services users demand while protecting the organization from threats.