Smartphones have made their way into our personal and professional lives. Apart from keeping users connected to the world at all times, smartphones are now used for many business functions. Business emails, document reviews, editing, and video conferencing are just some of those. To support a mobile workforce, companies issue handhelds such as smartphones, tablets and laptops that enable employees to work while travelling or from the comfort of their homes. Some companies also support the ‘Bring Your Own Device (BYOD)’ concept, which permits employees to access the company network from their personal handhelds.
The different operating systems, the customization and variation in hardware, and the tweaks each vendor makes to the operating system have led to a sea of devices. This presents a serious security challenge for organizations that support mobile devices. Let us look at some of the key challenges that organizations face by supporting a mobile environment for their employees.
The challenges in using mobile devices for business:
- Lack of physical security: Desktops cannot be moved easily and laptops can be locked to a stationary structure, but handheld devices, such as smartphones, can be easily stolen. The thief also gets open access to the data on the device and to the enterprise through enterprise applications installed on the mobile device.
- Untrusted networks: While travelling, users routinely connect the devices to untrustworthy networks (Wi-Fi). It could be at cafes, restaurants, clubs, and other social places. These networks are not secure and extremely prone to hacking.
- Untrusted applications: Games, social media apps, and many other apps read the data from the device and upload it to their servers. This is a threat to corporate data stored on mobiles. Personal apps on devices are usually one of the biggest threats for data theft.
- Interaction with other systems: Users connect mobile devices to their personal laptops and other desktops to transfer music, videos etc. These computers pose a security danger for the enterprise data saved on the handheld.
- Untrusted mobile devices: Most personal devices are untrustworthy. They may not be upgraded to the latest OS, and patches are often not applied frequently, leaving the device insecure. Employees tend to avoid upgrading immediately to save on data streaming and may also try to jailbreak the device to play and experiment with it. In the case of organizations supporting BYOD, this increases the threat.
Securing Mobile Devices
With so many issues popping up constantly around mobile device safety, using them for work does not always look like a great idea. However, given the need of the hour, it cannot be avoided. Hence, it is important for companies to adopt safe practices before establishing the mobile environment for their employees. Here are a few steps that organizations should take before provisioning a handheld device on the enterprise network and issuing it to the employee.
1. Enforce general security policy: All devices must adhere to the security policy which includes the following:
- Restricted access to hardware such as camera, USB interface, Bluetooth, and removable storage.
- Restricted access to native applications such as email client, calendar, built-in browser, contacts etc.
- Manage Wi-Fi network interface, including enforced security protocol for all connections.
- Limit or prevent access to enterprise services based on rooting or jailbreak status to ensure only secure devices access the company’s information.
- Select only the most secure devices in the market to integrate with enterprise infrastructure.
2. Data communication and storage
- Ensure strong encryption for data connections to the enterprise network. Enforce use of VPN to connect to the network.
- Enable strong encryption of data stored on the device. Bind the removable storage to that specific device using encryption techniques.
- Remotely wipe the device if it is reported lost or stolen or otherwise becomes untrustworthy.
- Auto-wipe the device after a specific number of unsuccessful authentication attempts.
3. User and device authentication
- Enforce strong authentication using a one-time token or 2-factor authentication to access the enterprise network.
- Enforce auto lock when the device is idle for a specific duration (e.g. 5 minutes).
- Enable remote lock to allow locking of the device based on suspicious behavior on the device.
- Enable remote reset of the
- Deploy a Mobile Device Management (MDM) solution to manage all devices across the enterprise.
4. Applications (Apps)
- Allow the use of only specific app stores to install applications.
- Restrict the applications that can be installed (using white-listing or blacklisting).
- Restrict the permissions allowed for apps (e.g. camera access, location access, screenshot, etc.).
- Distribute enterprise applications from a dedicated mobile app store.
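The checklist above can be enforced as a fail-closed posture check that gates access to enterprise services. The following is an added example, not code from the article or from any MDM product: the `DevicePosture` schema, the app identifiers and the auto-wipe threshold are assumptions, and only the 5-minute idle lock comes from the text.

```python
from dataclasses import dataclass, field

# Assumed policy values; only the 5-minute idle lock comes from the article.
MAX_IDLE_LOCK_SECONDS = 5 * 60
MAX_FAILED_UNLOCKS_BEFORE_WIPE = 10  # assumption
APP_ALLOWLIST = {"com.example.mail", "com.example.vpn", "com.example.docs"}  # constructed

@dataclass
class DevicePosture:
    """Posture as an MDM agent might report it (hypothetical schema)."""
    device_id: str
    rooted_or_jailbroken: bool
    storage_encrypted: bool
    idle_lock_seconds: int          # 0 means auto-lock is disabled
    wipe_after_failed_unlocks: int  # 0 means auto-wipe is disabled
    vpn_enforced: bool
    installed_apps: set = field(default_factory=set)

def evaluate(p: DevicePosture) -> tuple:
    """Return ("allow" | "block", findings). Fail closed: any finding blocks."""
    findings = []
    if p.rooted_or_jailbroken:
        findings.append("rooted/jailbroken")
    if not p.storage_encrypted:
        findings.append("storage not encrypted")
    # A value of 0 (disabled) must fail just like a value that is too large.
    if not 0 < p.idle_lock_seconds <= MAX_IDLE_LOCK_SECONDS:
        findings.append("idle auto-lock missing or too long")
    if not 0 < p.wipe_after_failed_unlocks <= MAX_FAILED_UNLOCKS_BEFORE_WIPE:
        findings.append("auto-wipe missing or too lenient")
    if not p.vpn_enforced:
        findings.append("VPN not enforced")
    extra = sorted(p.installed_apps - APP_ALLOWLIST)
    if extra:
        findings.append("apps outside allow-list: " + ", ".join(extra))
    return ("block" if findings else "allow"), findings

# Constructed sample reports.
COMPLIANT = DevicePosture("dev-001", False, True, 300, 10, True,
                          {"com.example.mail"})
RISKY = DevicePosture("dev-002", True, True, 0, 10, True,
                      {"com.example.mail", "com.game.free"})

if __name__ == "__main__":
    for device in (COMPLIANT, RISKY):
        print(device.device_id, *evaluate(device))
```

Returning every finding rather than stopping at the first one gives the help desk and the user a complete remediation list for a blocked device.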
Mobile devices by their very nature are prone to hacks. However, with proper device management, they can be used securely so that the organization’s information and network are not put in any danger. Commercial Mobile Device Management (MDM) software makes the administration of handheld security easy and manageable, and integrates into the organization’s overall security infrastructure. With proper security implemented, mobile devices can truly provide the productivity improvements that they promise.