ABC: An Introduction to Mobile Security

CIO
By Galen Gruman

Mobile Security

Laptops have become so inexpensive that they’re standard equipment at many enterprises. BlackBerrys are all the rage among traveling execs. Cell phones and PDAs are merging into smart phones that allow mobile e-mail, Internet and even corporate network access, as well as the ability in some models to work on spreadsheets. Copying company data onto USB thumb drives and other removable media has never been easier. Critical enterprise information is leaking onto mobile devices whose risk of loss or theft is much higher than it is for PCs at the office.

The risk is not theoretical. According to the Privacy Rights Clearinghouse, 56 potential breaches of clients’ personal information involving laptops and other mobile devices—typically stolen or lost—have been disclosed publicly from Jan. 1 to Oct. 24, 2006, involving the personal information of at least 31.68 million people. And that doesn’t count breaches of corporate data not covered by various state breach-disclosure laws.

Fortunately, security methods aren’t theoretical, either. There are concrete steps an enterprise can take to secure the data on its mobile devices.

Where do I start when securing mobile devices?

The best way to secure company data is not to store it on client devices in the first place, advises Eric Maiwald, a senior analyst at the Burton Group research firm. If data resides on servers and within the data center, with access permitted only over the network, there is no local copy to lose if a laptop or PDA is stolen or lost. This strategy also protects PCs in the office; after all, they can be stolen as well. While it can be more convenient for an employee to work from a local copy of data—on a laptop transported home or on a thumb drive—the high availability of broadband access and the maturity of remote-access technologies, such as laptops and smart phones, is rarely much less convenient. This approach also provides better security while still letting people work in multiple locations and with multiple devices.

Unfortunately, many companies have issued laptops as the standard PC, a strategy that undercuts security. Only employees who need to work while traveling should be issued laptops; examples include senior executives, salespeople, auditors, field technicians, some marketing staff and telecommuters. The rest can use PCs or computers at home or at satellite offices.

Enterprises that limit the use of mobile devices and discourage the use of locally stored data will still find exceptions that require local data storage on mobile devices, but these exceptions will be few and their small numbers will make them easier to manage.

 
RELATED LINKS
 
Secrets of Offshoring Success

Managing Mobile Devices

Wireless - Mastering Mobile Madness

Remote Control: Tracking Mobile Devices in the Enterprise

How to Minimize the Impact of Laptop Theft

The CIO's Guide to Mobile Applications by Research in Motion

 
NEWSLETTERS
Mobile

Information Security
 

Who is responsible for device security?

Ultimately, the CEO is responsible for the loss of secret information, such as competitive data, trade secrets or customer information. In practice, the buck stops with the CSO or CIO, depending on your organizational chart. Meanwhile, network administrators, client management leads, department heads and individual users share implementation responsibility. The CSO or CIO should set the policies as to what data may be stored on mobile devices, what level of protection is required for different types of data, and what access to internal systems various mobile devices may have. Often, these policies are part of the overall data management and access management policies that cover desktop users and remote users.

The network administrator and IT chief responsible for client management typically choose the tools to ensure that password, VPN, access control and malware-protection requirements are met. They may also determine which types of mobile devices are authorized for use with company data and services, based on the level of security they can enforce on the various devices. Business managers and users are responsible for following these policies, and for not trying to work around the policies by using personal devices with forbidden company data and services—an easy temptation when you already have a PDA, iPod, smart phone or USB drive and see no harm in using it for work purposes.
Loading...
Mobile MarketSpace
White Papers
Fixed Mobile Convergence
Learn why your organization should implement and the benefits of an FMC solution. Learn more »
The CIO's Guide to Mobile Security
Learn about the key mobile computing security concerns when evaluating a wireless solution. Learn more »
Mobile Applications
Learn about the strengths of a wireless application and how they relate to your organization. Learn more »
Wireless in the Enterprise
A basic overview for those interested in evaluating a wireless enterprise solution. Learn more »
ROI Through Mobility
Realize the benefits of mobile CRM with the latest RIM offerings. Learn more »
Respond Faster and More Efficient
Read this case study about how Alagasco upgraded their system to smartphones and the benefits of it. Learn more »
 
SPONSORED LINKS
 

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Data Loss Prevention: A Better Way to Approach Security

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Losing Ground: 2009 TMT Global Security Survey

Accenture IT Consulting: Logical meets technological. More . . .

Stop Application Fraud at the Source with Device Reputation

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Gartner Shares Predictions for 2009

Accenture IT Consulting: Enabling high performance. More...

Top Five CIO Challenges

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Automating the Generation and Secure Distribution of Excel Reports

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

Better spam protection with Postini for just $1/user/mo

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords