ABC: An Introduction to Mobile Security

CIO
By Galen Gruman

Mobile Security

Laptops have become so inexpensive that they’re standard equipment at many enterprises. BlackBerrys are all the rage among traveling execs. Cell phones and PDAs are merging into smart phones that allow mobile e-mail, Internet and even corporate network access, as well as the ability in some models to work on spreadsheets. Copying company data onto USB thumb drives and other removable media has never been easier. Critical enterprise information is leaking onto mobile devices whose risk of loss or theft is much higher than it is for PCs at the office.

The risk is not theoretical. According to the Privacy Rights Clearinghouse, 56 potential breaches of clients’ personal information involving laptops and other mobile devices—typically stolen or lost—have been disclosed publicly from Jan. 1 to Oct. 24, 2006, involving the personal information of at least 31.68 million people. And that doesn’t count breaches of corporate data not covered by various state breach-disclosure laws.

Fortunately, security methods aren’t theoretical, either. There are concrete steps an enterprise can take to secure the data on its mobile devices.

Where do I start when securing mobile devices?

The best way to secure company data is not to store it on client devices in the first place, advises Eric Maiwald, a senior analyst at the Burton Group research firm. If data resides on servers and within the data center, with access permitted only over the network, there is no local copy to lose if a laptop or PDA is stolen or lost. This strategy also protects PCs in the office; after all, they can be stolen as well. While it can be more convenient for an employee to work from a local copy of data—on a laptop transported home or on a thumb drive—the high availability of broadband access and the maturity of remote-access technologies, such as laptops and smart phones, is rarely much less convenient. This approach also provides better security while still letting people work in multiple locations and with multiple devices.

Unfortunately, many companies have issued laptops as the standard PC, a strategy that undercuts security. Only employees who need to work while traveling should be issued laptops; examples include senior executives, salespeople, auditors, field technicians, some marketing staff and telecommuters. The rest can use PCs or computers at home or at satellite offices.

Enterprises that limit the use of mobile devices and discourage the use of locally stored data will still find exceptions that require local data storage on mobile devices, but these exceptions will be few and their small numbers will make them easier to manage.

 
RELATED LINKS
 
Secrets of Offshoring Success

Managing Mobile Devices

Wireless - Mastering Mobile Madness

Remote Control: Tracking Mobile Devices in the Enterprise

How to Minimize the Impact of Laptop Theft

The CIO's Guide to Mobile Applications by Research in Motion

 
NEWSLETTERS
Mobile

Information Security
 

Who is responsible for device security?

Ultimately, the CEO is responsible for the loss of secret information, such as competitive data, trade secrets or customer information. In practice, the buck stops with the CSO or CIO, depending on your organizational chart. Meanwhile, network administrators, client management leads, department heads and individual users share implementation responsibility. The CSO or CIO should set the policies as to what data may be stored on mobile devices, what level of protection is required for different types of data, and what access to internal systems various mobile devices may have. Often, these policies are part of the overall data management and access management policies that cover desktop users and remote users.

The network administrator and IT chief responsible for client management typically choose the tools to ensure that password, VPN, access control and malware-protection requirements are met. They may also determine which types of mobile devices are authorized for use with company data and services, based on the level of security they can enforce on the various devices. Business managers and users are responsible for following these policies, and for not trying to work around the policies by using personal devices with forbidden company data and services—an easy temptation when you already have a PDA, iPod, smart phone or USB drive and see no harm in using it for work purposes.
Loading...
 
SPONSORED LINKS
 

Fulfill Your Remote Access Strategy for Mobile Users

Check Point Endpoint Security - Unifying Essential Components

Data Protection: Challenges for the Traveling User

Leading university calls on Nokia for mobile unified communications.

Unified Communications & Collaboration: Game-Changing Business Results

Explore Fixed-Mobile Convergence

The Right and Wrong Master Data Management Strategies to Start Small and Grow Big

Find out why IDC thinks virtualization is changing operating environments.

Explore the impact virtualization can have on your bottom-line.

Save with 0% Lease Offer on HP Servers and Storage

How RFID Improves Data Center Efficiency

Find out how to manage virtualization's risks and reap the rewards.

Conquer the realities of managing virtualization

Improve Web-Enabled SAP Performance

Gartner on Data Deduplication Cost Savings

Data Protection Options Explained

Ponemon Study: How Much Does a Data Breach "Cost"?

5 Steps to Successful IT Consolidation

Effective Security with a Continuous Approach to ISO 27001 Compliance

Expand High-Performance Computing (HPC) Capabilities

Power the Platform of Choice for Virtualization in the Enterprise

Effective Security with a Continuous Approach to ISO 27001 Compliance

Boost your top- and bottom- lines.

Best Intel Info for IT Pros/Intel Premier IT Professional Program: Stay up to date with roadmaps, technologies & best practices

Make Hidden Trends, Inter-Relationships and Influences Visible.

Webcast - "Into the Wild: Managing Laptops Outside the Office"

Revolutionizing Endpoint Security with a Single Agent

MAKING MOBILITY WORK: Wide-area data services enable today's global enterprise

Mobility is Growing: Survey Shows Why CIOs are Concerned

Put Enterprise Communications on Autopilot

Learn how companies are changing how they reach out to their most profitable customers.

Learn how to leverage virtualization for a 74% savings in TCO.

Find out how you can affordably consolidate applications with VMware.

ESG Research on Server and Storage Virtualization

Data Center ROI with RFID Asset Tracking

Get help navigating the management challenges of virtualization.

Narrow the gap between virtualization's benefits and the management risks.

Cash in on the promise of virtualization

Determine the ROI of Web Application Acceleration Managed Services

Achieve a 50:1 Data Deduplication Ratio

Remote Infrastructure Management - What Your Peers are Thinking

Complementary BI: The New Approach to Business Intelligence

Optimizing Infrastructure Control

File Integrity Monitoring: Secure Your Virtual and Physical IT Environments

High-performance computing is no longer just for Big Business

Optimizing Infrastructure Control

Configuration Assessment: Choosing the Right Solution

Learn what it takes to build a holistic digital collaboration platform

The ECM Paradox: Extending Local Flexibility to Strengthen Central Control

Customer Insight Yields Sales, Marketing Gains

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords