Smartphone Security Best Practices: Five Tips

Smartphone security best practices involve evaluating third-party software, gaining network and individual smartphone visibility, and considering cloud storage.
(Page 1 of 2)

Establishing smartphone security best practices should be easy, right? Well, not exactly.

While smartphones are nothing new for the enterprise – BlackBerries have long been standard knowledge-worker accessories – the explosion of competing platforms, increased horsepower and ballooning Internet connectivity have ramped up their security risks.

A recent Aberdeen Group study found that the typical enterprise must deal with an average of 2.8 to 3.3 different smartphone platforms. Meanwhile, more than two-thirds of those surveyed noted that some or all employees were permitted to use personal-liable mobile devices for corporate use.

That “some or all” is telling. Sure, you can establish a policy blocking the average user’s mobile phone from corporate access. What happens, though, when it’s a senior executive who is bringing some new, untested platform onto your network?

Will you say “no” to your CEO?

Clearly, mobile phones are no longer something that IT can shrug off as someone else’s problem. They are simply too powerful and pervasive to ignore. If your organization is struggling to cope as smartphones invade the enterprise, these five best practices should help.

1. Treat smartphones like PCs

Treating a smartphone like a PC means installing endpoint security, enforcing device-side encryption, having policies in place for how to connect to corporate assets (such as through a VPN) and requiring strong authentication to unlock the device in the first place.

The gold standard for secure smartphone usage is BlackBerry. The devices are encrypted, require passwords to unlock (although programs like UnlockIt are out there to bypass some of these requirements) and they can be controlled via the BlackBerry Enterprise Server, which gives IT the power to create and enforce more than 450 different policies.

The trouble is that knowledge workers aren’t satisfied with BlackBerries alone. iPhones and Androids are the new trendy gadgets, yet they don’t have the security pedigree of BlackBerry.

2. Evaluate and adopt third-party security software

Even if new platforms are relatively untested from a security standpoint, that doesn’t mean they can’t be secured. As with the PC, most smartphone users will likely get their security from third parties. A number of security startups already have smartphones in their sights.

These include authentication vendors, such as MultiFactor Corporation with its SecureAuth solutions and Entrust with Entrust IdentityGuard Mobile; mobile antivirus vendors like Lookout and DroidSecurity; and mobile device management solutions from companies such as Zenprise, Good Technology and Trust Digital.

Of course, incumbent security vendors aren’t sitting this out. Symantec, Kaspersky, McAfee and Cisco have all released smartphone-related products.

Smartphone security products are out there, and it’s time for IT to start evaluating and adopting them.

3. Remember that smartphones aren’t PCs

Even though smartphones are becoming as powerful as PCs, they differ in important ways.

“Despite the risks associated with these devices, the current threat landscape is still in its infancy. The greater threat involves a lost or stolen device. In this case, password protection, encryption and related security measures become the highest priority to ensure the device and its data are secure,” said Khoi Nguyen, Group Product Manager, Mobile Security Group, Symantec.

Sure, laptops get lost and stolen, but it’s not really that common. According to Accenture, however, 10 to 15 percent of all handheld computers, PDAs, mobile phones and pagers are lost by their owners. This means that IT must expect these devices to get lost or stolen.

Besides password protection and encryption, IT should have the ability to remotely wipe or even brick phones. Even this, though, can be problematic.

According to Ahmed Datoo, VP of marketing at Zenprise, more often than not, users will delay reporting their device as lost or stolen, either in the hopes that they can retrieve the device or because they are embarrassed about losing it.

“Every second of delay could mean the loss of sensitive corporate data. Providing users with an ability to wipe their own devices will significantly reduce the risk of both personal and corporate data loss,” he said.

Another important difference is that IT does not own most smartphones, which makes enforcing security policies trickier. Many security experts recommend controlling what applications can be present on smartphones. That’s doable if the organization owns the phones, but it’s impossible when end users own them.
