Get Serious About Enterprise Mobile Device Security or Face GRC Repercussions


Gartner declared 2011 the most complex year the mobile industry has ever experienced, so just imagine how 2012 is likely to shape up. The researcher expects more handsets and tablets to appear and new services to emerge that exploit mobile payment, context, social networking, and location-based advertising. Near field communication (NFC) and RFID increasingly will carve out roles in mobile.

Similarly, employees will demand a choice of devices, fueling the growing adoption of the bring-your-own-device (BYOD) approach. Not surprisingly, enterprises will be forced to develop and support applications on a wider range of mobile devices and platforms.

The growing smartphone base combined with increased sales of media tablets is forcing a reassessment of the best practices to support mobile. Controlling burgeoning costs driven by device heterogeneity and bring-your-own-device models, while maintaining agility, is imperative, notes Gartner. But most important of all is security, which carries serious GRC implications. Below wiredFINANCE summarizes key steps you should take now to secure your mobile devices.

Create and put in place strong security policies. Start by applying your existing security policies, but don't stop there. Especially with mobile, all data should be encrypted as a matter of policy. Also make sure to enforce the security policies and demand accountability. A security breach can have serious GRC consequences and substantial bottom line repercussions.

Limit the apps you allow. Your users will not like this, especially if yours is a BYOD organization, but apps present a serious vulnerability. Before you restrict apps, you need to create an in-house process for getting new apps approved fast. If approval requires weeks or months, employees will just do what they want anyway.

Next, configure your mobile devices for security. This includes enabling auto-lock and password protection and requiring complex passwords. Also, avoid using auto-complete features that remember user names or passwords. And make sure to enable remote wipe.

Do you know how many mobile devices are in use and what they are? Take an inventory of the mobile devices the organization is supporting. You may have to adjust your policies and configurations to accommodate the various devices and their capabilities.

Frequently update the mobile device operating systems and applications. Make sure to select the automatic update option when available. Also deploy anti-virus programs, and, again, configure for automatic updates. Viruses change and mutate rapidly, so updates are essential. You can't rely on users to keep the devices current.

What makes mobile devices attractive is their mobility. So, take appropriate physical security measures to prevent theft and enable recovery of mobile devices. The number of mobile devices that fall from belts or out of pockets or get left on restaurant tables and in taxis must be staggering. Use tracing and tracking software from companies like Computrace, Lookout, or MobileMe if you want a chance of getting the devices back. If you configured for remote wipe, you can rest a little easier. Of course, back up data on the mobile device frequently.

Finally, use appropriate sanitization and disposal procedures for mobile devices. That means deleting all information stored in a device prior to discarding, exchanging, or donating it. A software deletion tool will do a more complete job than users trying to do it manually. By the way, the same precaution should be taken with all your systems (mobile, laptop, notebook, desktop, server) facing end-of-life. You don't want data coming back to haunt you.

Copyright © 2012 Alan Radding
