7 Enterprise Mobile Security Best Practices
There's no denying the potential for mobile devices to improve efficiencies and lower costs for workers in industries of all types. You also can't deny the potential security vulnerabilities that mobile devices present. These seven tips will help you secure your mobile environment without placing a burden on your workforce.
Thu, February 13, 2014
CIO — Information security experts are fond of the certain language they use to explore and explain the security threats that companies and organizations routinely face. One particularly interesting notion from this lexicon is that of an "attack surface," which identifies a potential point of attack on one's information or financial assets, intellectual property or ability to conduct business.
Because any successful attack brings with it a chance of financial loss, legal or regulatory infractions, or damage to reputation, best practices for dealing with attack surfaces mean limiting exposure to unwanted or uninvited access, hardening them against attack and imposing what's often called "defense in depth." This requires building multiple layers of protection around valuable stuff; if one layer gets breached, the bad guys aren't automatically handed the keys to the treasure vault.
All this makes security for mobile devices both important and vexing. The more that employees and contractors use mobile devices to access organizational systems, applications and data, the more important it is to protect such access. Furthermore, it's essential to prevent the mobile devices that are supposed to boost productivity and add to the bottom line from opening unauthorized means of access to information and other assets; this turns them into a danger and a possible drain on revenue instead.
[ Survey: Advanced Persistent Threats Now Hitting Mobile Devices ]
[ Analysis: With BYOD Rising, IT Headaches Will Become Migraines ]
Given that mobile devices are inherently moving targets used outside the organization's perimeter — and thus also outside its firewalls, threat management, spam and content filtering, and other tools used to keep evildoers at bay — it's vital to apply a battery of best practices to use of mobile devices to keep exposure to risk and loss to a minimum. As any security expert will tell you, though, there's a fine line between enough security to keep things safe and protected and a smothering blanket of security that gets between people and the jobs they must do.
Although it's challenging and comes with some costs, the following list of mobile security best practices can help protect mobile devices and their users from unwanted exposure or unauthorized disclosure of company or organization IP, trade secrets or competitive advantages. Some of these practices aim at securing the mobile devices themselves, while others aim to protect the data and applications with which mobile users need to interact. All will help reduce risk of loss or harm to your company or organization.