As in computer networking, security management plays a very important part in enterprise mobility. In some respects, security management in a mobile environment is similar to that in a computer environment. But because of the "mobile" aspect, there are specialized security measures that are part of enterprise mobility security management.
Why is mobile security so important today and in the future?
You can already see how powerful mobiles are getting today. Not only that: with the rise of applications, virtually everything people used to do on PCs can now be done on mobiles. This means the workforce of today and tomorrow will depend heavily on mobiles. Thus a lost or hacked mobile will have the same impact a hacked PC has today:
- Loss of sensitive data, which may raise compliance issues and lead to a loss of customer confidence
- Legal issues arising from the leak of sensitive data
- Loss of productivity because of the loss of data and work stored on the mobile
Surveys have found that more than 35% of mobile users have at some point or another had their mobile stolen or lost it. Imagine what impact that would have on a workforce that is predominantly mobile!
Why is it tougher to manage security in a mobile environment?
There are several reasons why security management is more challenging for mobility than for computers:
- The device is mobile, so there is a higher chance of it getting lost, misplaced and thus mishandled. This can be avoided very easily in the case of PCs.
- Most enterprise mobility users do not take malware and virus attacks seriously as far as mobiles are concerned, and thus do not take appropriate measures to block such programs.
- The line between personal and professional usage of mobile phones has blurred. Your smartphone is also your desktop and your PlayStation. There are numerous apps available that mobile users may download without the enterprise having control over them.
- The restrictions on which internet sites mobile users can visit are also weak, whereas they can be implemented very easily in a PC environment. Thus there is virtually no control over what a mobile user can visit, and some sites can compromise device information too.
How to manage security for enterprise mobility
Here are a few key ways of managing security in a mobile environment:
- Do an exhaustive risk analysis first: Before implementing any security, it is important to understand what has to be protected, how sensitive that information is, how it can be compromised and what the implications of a compromise would be. This is a very important step, because unless these points are clear one may implement a strategy that is too lenient or too harsh compared with what is actually required. For example, if your team uses mobiles for keeping in touch with customers through email and nothing else, then the kind of security required will be different from that for people who access very sensitive data on the corporate server through the device. Similarly, mobile security for a junior marketing manager will be very different from that for the CEO of the firm.
There are several basic security measures which should be part of almost every enterprise mobile device:
- Access should be password protected, and the password should be changed reasonably frequently.
- Sensitive information should be encrypted; if not with a very high level of encryption, then at least basic encryption should be in place. Thus, when you send sensitive data over the air, it should not be available to others.
- Appropriate malware protection applications should be installed on the mobile to protect it from attacks.
- There should be a provision for prohibiting applications that can compromise information. Unauthorized applications should not be installed.
Some advanced security measures include:
- Remote lock and data wipe: What if the mobile device is lost and held a lot of sensitive data? While multiple security measures can be taken to secure the data, hackers may still find a way to get information from the device. One way to deal with this situation is to remotely lock the device and initiate a "data wipe", which destroys the data on the mobile device. This is done remotely,
- Data fading: Using this technique, security managers can automatically destroy sensitive information stored on the device if it has not connected to the network for a specified period of time. This is particularly useful when the mobile user does not learn of the lost mobile right away, so other measures such as lock and wipe cannot be initiated.
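The data fading measure described above has to be decided on the device itself, since by definition the device is offline and cannot receive a remote command. The following is an added example, not part of the original article or of any product: a sketch of that on-device check which goes slightly beyond the text by adding an intermediate lock stage and by ignoring a device clock that has been set backwards. The tier names, thresholds, `FadeState` layout and function names are all assumptions, as is a management server that supplies a trusted time at check-in.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed thresholds per sensitivity tier from the risk analysis: (lock, wipe).
POLICY = {
    "high": (timedelta(hours=12), timedelta(hours=48)),
    "standard": (timedelta(days=3), timedelta(days=14)),
}

@dataclass
class FadeState:
    """State the on-device agent persists between checks (hypothetical)."""
    last_checkin: datetime  # last successful contact with the management server
    high_water: datetime    # latest time the agent has ever observed

def record_checkin(state, server_time):
    """After a successful check-in, resynchronise to the server's clock."""
    state.last_checkin = server_time
    state.high_water = server_time

def evaluate(state, device_time, tier):
    """Return 'none', 'lock' or 'wipe' for the current offline period."""
    # Setting the device clock back must not extend the offline window,
    # so time never moves below the highest value seen so far.
    now = max(device_time, state.high_water)
    state.high_water = now
    offline = now - state.last_checkin
    lock_after, wipe_after = POLICY[tier]
    if offline >= wipe_after:
        return "wipe"
    if offline >= lock_after:
        return "lock"
    return "none"

def demo():
    """Constructed timeline for a high-sensitivity device that goes offline."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    state = FadeState(last_checkin=t0, high_water=t0)
    hours = [6, 13, 1, 49]  # the third reading is a clock set backwards
    return [evaluate(state, t0 + timedelta(hours=h), "high") for h in hours]

if __name__ == "__main__":
    print(demo())
```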
Enterprise mobility has opened new doors of communication and flexibility, but to get its full benefits one has to be cautious.