There is not doubt we are seeing an onslaught of employee owned mobile devices entering the enterprise. For an IT security executive these new devices and the variety of operating systems they work off of, compiled with legacy or existing company owned devices, can make enterprise mobility security a dizzying task. With so much to manage and with technology evolving at such a high rate making it tough to keep up, it is important remember some of the basics. Gordon Makryllos in CSO has highlighted some of those basics which, when are kept in mind as an enterprise’s mobility increases, can help keep the ship on course.
1. Have a strong mobile policy
“A mobile usage policy is a framework that defines who the users are and what devices, platforms and applications they can and can’t use. Enterprises must clearly define policies around reimbursement for services and what applications users can access via personal devices, along with clear guidance on who controls the data on devices.”
2. Create an inventory of assets
“Businesses with accurate inventories have much clearer insight into their telecommunication environments and as such, more reliable information on which to base policy decisions.”
3. Ensure proper configuration of devices
“If a device is enrolled with a mobile device management server, a configuration profile defined and managed by IT admin can be implemented, enabling the device to interact with enterprise systems. An appropriate level of encryption can also be added to any commands coming from the server to ensure that settings cannot be altered without proper authorization.”
4. Implement appropriate security
“In addition to implementing data encryption, enterprises need to inform workers about the risks of failing to comply with security protocols – there is a good chance that they are unaware of the risks associated with using their personal devices for professional purposes.”
5. Regulate application protocols
“Malware is steadily creeping into the app world, so even applications from the app store need to be checked before they are allowed into the enterprise. Such malicious applications can take over the mobile device and operate in the background without the user knowing, searching for sensitive information such as passwords or banking details.”
6. Provide training and end-user support.
“Support and training can increase worker efficiency and also reduce security risks, as employees better understand how their devices work.”