Five Tips for Securing Smartphones in the Enterprise
As more and more individually-owned smartphones and mobile devices make their way into the work force, it's imperative to secure them on the corporate network. Zenprise, a mobile management software company, offers these five tips:
1. Require users to proactively seek permission to connect via Exchange ActiveSync (EAS)Microsoft Exchange ships with EAS enabled by default for all users. This means that employees can enable their iPhone, Android, Palm and Symbian devices to retrieve corporate mail, without asking the IT department for authorization or approval. To secure a device, the IT department must have visibility into which devices are connecting to the network. Therefore, it's important to set a policy that requires users to contact the IT department for permission to enable ActiveSync.
2. You can't secure what you can't see; gain visibility into which devices are connecting into the networkA "particularly worrisome trend" cited by a recent Aberdeen Research report found that the vast majority of organizations meeting the demand for individual-liable devices had little to no visibility into device usage and telecom costs. Without full visibility into the devices running on a network, IT is subject to greater security risk from employee liable phones. Once an administrator has authorized and enabled EAS for a user to connect into the network with an iPhone, for example, he or she does not need permission to add additional devices to the network. Without daily or weekly reports, IT has no way of knowing when a user switches his or her smartphone for another type of device.
3. Like everything else on the network, smartphones must also have security policiesCompanies should set up a default EAS security policy so that all phones connecting into the network have a minimum level of security enabled. In many instances, this will force users to do things such as set up a security password or enable other security policies before they can access their e-mail for the first time.
4. Smartphones are an extension of corporate data, so it makes sense to give users the ability to wipe their own device in case their device gets lostAccording to Accenture, 10 to 15 percent of all handheld computers, PDAs, mobile phones and pagers are lost by their owners. More often than not, users will delay reporting their device as lost or stolen, either in the hope that they can retrieve the device, or because they are embarrassed by the incident. Every second of delay could mean the loss of sensitive corporate data. Providing users with an ability to wipe their own devices will significantly reduce the risk of both personal and corporate data loss.
5. All work and no play? Track applications installed on the deviceThe line continues to blur between the personal and corporate use of smartphones. Organizations that allow employees to install personal or corporate applications on their devices should audit for rogue third-party applications. They should also control which corporate applications mobile devices can access. More workers are unintentionally downloading applications that hog memory or are infected with malware, according to Zenrprise. By understanding which applications are installed and running, enterprise IT can avoid potential security and compliance risks.
As the trend of managing a fragmented mobile landscape continues into 2010, many firms specializing in mobile management software -- BoxTone, Zenprise, Good Technology and MobileIron, for instance, -- are adding support for more mobile operating systems and rolling out more comprehensive features to meet demand.