Search
Advertisement

Business

Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Threat Intelligence / Preparedness

Keys to a Mobile Security Strategy

By Courtney Macavinta

Gone are the days when a laptop was the key mobile device within the enterprise. With Blackberry devices and iPhones popping up in almost every employee’s pocket, mobile devices are proliferating inside enterprises.

Case in point: Globally, enterprises currently spend $6 billion on mobile devices, and that will rise to an estimated $17 billion by 2012, according to a May report by the market analyst firm Datamonitor. And with this rise in mobile devices also comes an increase in security issues for IT managers, which analysts say necessitates the establishment of mobile security policies.

Approximately 65% of enterprise mobility decision makers say their top priority is to “provide more mobility support to employees,” according to a July study by Forrester Research, Build Your Business’s Mobile Strategy Around Device Management And Security. That said, security concerns are also “the greatest barrier to adoption of mobility solutions,” the study found.

From viruses to federal regulations about data security, mobile devices face security threats similar to those faced by organizations that rely on desktops and notebook computers. Other concerns include not being able to manage the growth of device use or trying to implement standardization. Also, enterprises are concerned about the rising operating costs of devices.

“Data security is the biggest thing to worry about. These devices are easy to lose or can be stolen,” says Phillip Redman, research vice president for Gartner. “Enterprises should not dig their heads in the sand about security for mobile devices -- they should be proactive, not reactive.”

Here are the key steps analysts recommend CIOs should spearhead to map out a mobile security strategy:

1. Create a mobile device security policy Enterprises should accept that mobile devices are here to stay and adopt a policy to improve security without limiting access. “If you don’t have a security strategy, you’re already in trouble,” says Redman. “Firm it up and find out the weakest elements.” To get started, CIOs should work with other department leaders to develop requirements that cover the enterprise’s current mobile user profiles, devices and applications. “Don't do a stand-alone mobile security policy,” advises Redman. “It should be integrated into your total enterprise security strategy.” The policy should cover issues such as what employees should do if a device is lost or stolen and guidelines about what information can and can’t be stored and transmitted via devices. Overall, CIOs have to ensure that they “have the right people who are going to develop, implement, manage and enforce the policy,” says Redman.

2. Strengthen policy with security tech Policies should also include security measures such as strong passwords for devices, encryption and authentication, and perhaps most important, experts say, the ability for IT to remotely lock and wipe a stolen or lost mobile device. Even so, Redman advises that security is not exceedingly tight, such as requiring that a password be entered every 30 seconds. Instead, enterprises can create security levels for high- and low-security clearances for users. “You don’t want to enforce too much security, because it makes the device unusable,” he adds.

3. Manage inventory In addition to addressing security, IT needs a clear account of which mobile devices are already being used inside the enterprise. And IT needs to have the ability to manage settings and applications -- ideally from a central console system, which many vendors now provide, Forrester reports.

4. Stay flexible Recognize that many employees use their work device for personal reasons. The key is to balance security with flexibility. With a strong policy in place, security can be addressed while providing employees the mobility they’ve come to expect.

“Even during personal use, [employees] have to follow guidelines,” Redman notes. “And these devices will be used for personal use, so the enterprise needs to be aware of that.”

 

Courtney Macavinta is a Silicon Valley-based business and technology writer. Her articles have appeared in CNET News online, Inc. online, Business 2.0, Red Herring, Wired News and The Washington Post. She is also the managing editor of The Online Family.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Spam and Viruses
Preparedness
Strategies
Related Content

Features

View More


Metrics

View More

Fast Fact

“Enterprises should not dig their heads in the sand about security for mobile devices -- they should be proactive, not reactive.”
--Phillip Redman, research vice president, Gartner

 
Sponsor Tools

Resources

White Papers

View More


Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


Preparing for a Disaster
Playtime: 8 min 07 sec



Download | Subscribe

Copyright © 2009 Studio One Networks. All rights reserved.

© MMIX, CBS Broadcasting, Inc. All Rights Reserved.