ABC: An Introduction to Mobile Security

CIO
By Galen Gruman

Mobile Security

Laptops have become so inexpensive that they’re standard equipment at many enterprises. BlackBerrys are all the rage among traveling execs. Cell phones and PDAs are merging into smart phones that allow mobile e-mail, Internet and even corporate network access, as well as the ability in some models to work on spreadsheets. Copying company data onto USB thumb drives and other removable media has never been easier. Critical enterprise information is leaking onto mobile devices whose risk of loss or theft is much higher than it is for PCs at the office.

The risk is not theoretical. According to the Privacy Rights Clearinghouse, 56 potential breaches of clients’ personal information involving laptops and other mobile devices—typically stolen or lost—have been disclosed publicly from Jan. 1 to Oct. 24, 2006, involving the personal information of at least 31.68 million people. And that doesn’t count breaches of corporate data not covered by various state breach-disclosure laws.

Fortunately, security methods aren’t theoretical, either. There are concrete steps an enterprise can take to secure the data on its mobile devices.

Where do I start when securing mobile devices?

The best way to secure company data is not to store it on client devices in the first place, advises Eric Maiwald, a senior analyst at the Burton Group research firm. If data resides on servers and within the data center, with access permitted only over the network, there is no local copy to lose if a laptop or PDA is stolen or lost. This strategy also protects PCs in the office; after all, they can be stolen as well. While it can be more convenient for an employee to work from a local copy of data—on a laptop transported home or on a thumb drive—the high availability of broadband access and the maturity of remote-access technologies, such as laptops and smart phones, is rarely much less convenient. This approach also provides better security while still letting people work in multiple locations and with multiple devices.

Unfortunately, many companies have issued laptops as the standard PC, a strategy that undercuts security. Only employees who need to work while traveling should be issued laptops; examples include senior executives, salespeople, auditors, field technicians, some marketing staff and telecommuters. The rest can use PCs or computers at home or at satellite offices.

Enterprises that limit the use of mobile devices and discourage the use of locally stored data will still find exceptions that require local data storage on mobile devices, but these exceptions will be few and their small numbers will make them easier to manage.

 
RELATED LINKS
 
Secrets of Offshoring Success

Managing Mobile Devices

Wireless - Mastering Mobile Madness

Remote Control: Tracking Mobile Devices in the Enterprise

How to Minimize the Impact of Laptop Theft

The CIO's Guide to Mobile Applications by Research in Motion

 
NEWSLETTERS
Mobile

Information Security
 

Who is responsible for device security?

Ultimately, the CEO is responsible for the loss of secret information, such as competitive data, trade secrets or customer information. In practice, the buck stops with the CSO or CIO, depending on your organizational chart. Meanwhile, network administrators, client management leads, department heads and individual users share implementation responsibility. The CSO or CIO should set the policies as to what data may be stored on mobile devices, what level of protection is required for different types of data, and what access to internal systems various mobile devices may have. Often, these policies are part of the overall data management and access management policies that cover desktop users and remote users.

The network administrator and IT chief responsible for client management typically choose the tools to ensure that password, VPN, access control and malware-protection requirements are met. They may also determine which types of mobile devices are authorized for use with company data and services, based on the level of security they can enforce on the various devices. Business managers and users are responsible for following these policies, and for not trying to work around the policies by using personal devices with forbidden company data and services—an easy temptation when you already have a PDA, iPod, smart phone or USB drive and see no harm in using it for work purposes.
Loading...
Mobile MarketSpace
White Papers
The CIO's Guide to Wireless in the Enterprise
 This guide provides a basic overview and worksheet of mobile computing for those who are interested in evaluating a wireless enterprise solution. Read This White Paper »
The CIO's Guide to Mobile Applications
 A primary strength of a wireless application is to ideally offer users a stable connection, regardless of location and enable users to access their information while on the go. Read This White Paper »
The CIO's Guide to Mobile Security: Executive Overview and Checklist
 This document examines six key mobile computing security concerns that an IT department should consider when evaluating a wireless solution. Read This White Paper »
Business Drivers for Mobile Unified Communications
 See results from a recent survey to learn the common barriers of implementation and find out how you can implement mobile unified communications without replacing your existing infrastructure. Read this White Paper »
The Business Value of Mobile Social Networks
 Learn about the evolving technologies in the social networkign market and how the next generation of location-aware handheld devices will change the way business is conducted. Read this White Paper »
Automating Field Technicians with Smartphones
 Find out why a large telecommunications organization chose smartphones over laptops. The result was a cost savings of $1.6 million, improved customer service and more. Read this White Paper »
 
SPONSORED LINKS
 

White Paper: Take your Call Center to the Next Level

Is Your WLAN Helping You Comply with Security Guidelines of the PCI Standard?

White Paper: Improve Employee Efficiency and Reduce Telecom Costs

Dramatically boost network capacity and speed-up to 600 Mbps

Mobility is Growing: Survey Shows Why CIOs are Concerned

Virtualization Benchmark and TCO Analysis-Read Now

White Paper: Scaling Down HPC for Smaller Organizations

White Paper: Never Enough Compute Power?

Microsoft Windows Vista Cost and Benefit Estimator

White Paper: Efficient Desktop Application Management

White Paper: Green Issues for Networking

White Paper: The Roadmap to Data Center Automation

Learn how companies are changing how they reach out to their most profitable customers.

Get help navigating the management challenges of virtualization.

Narrow the gap between virtualization's benefits and the management risks.

Cash in on the promise of virtualization

Complementary BI: The New Approach to Business Intelligence

The ECM Paradox: Extending Local Flexibility to Strengthen Central Control

Customer Insight Yields Sales, Marketing Gains

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

File Integrity Monitoring: Prove compliance and secure your IT environments

Affordable technology-no compromise. HP server solutions

SOA Educational Library at the TIBCO SOA Resource Center

CIO Viewpoints: Migrating to Exchange 2007

White Paper: Enabling Next Generation IP Communications

White Paper: A Cohesive Network Security Approach

Why Your Firewall, VPN, and IEEE Aren't Enough to Protect Your Network

Webcast - "Into the Wild: Managing Laptops Outside the Office"

Unified Communications & Collaboration: Game-Changing Business Results

Server Virtualization Benchmark Results

Learn to Leverage Maximum Computing Power

Windows Vista: Essential Benefits and Deployment Strategies

Best Practices: Safe and Secure Hardware Asset Recovery

White Paper: Migrating to Windows Vista and Microsoft Office 2007 Together

New IDG Survey Results on Data Center Automation

Operational Excellence Is Key to Maximizing IT Investments

The Right and Wrong Master Data Management Strategies to Start Small and Grow Big

Find out how to manage virtualization's risks and reap the rewards.

Conquer the realities of managing virtualization

Remote Infrastructure Management - What Your Peers are Thinking

Learn what it takes to build a holistic digital collaboration platform

Make Hidden Trends, Inter-Relationships and Influences Visible.

Improve delivery of product information to customers.

Renowned Engineering Institution Chooses AMD Processor-Based Servers

Corral, configure and control all your mischievous machinery with a Lantronix device server

Spend less. Get hosted UC. Get cash back. It's easy under a Cypress

Predict the future with HP Insight Power Manager

Log onto Hitachi True Stories, films inspired by the next great achievement

Earn PROFESSIONAL DOCTORATE Part-Time, Online at Syracuse University's iSchool

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords