What are some of the best ways to ensure mobile security?

What are some of the best ways to ensure mobile security?

What are some of the best ways to ensure mobile security?

    Requires Free Membership to View

    Login

    SearchUnifiedCommunications.com members gain immediate and unlimited access breaking industry news, expert advice on UC, technical guides, and more -- all at no cost. Join me on SearchUnifiedCommunications.com today!

    Kate Gerwig, Editorial Director

    By submitting your registration information to SearchUnifiedCommunications.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchUnifiedCommunications.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

There is considerable concern about the new security threats that will arise from the rising use of the mobile internet for corporate purposes -- especially services that are accessed from the open browser rather than via a carrier system like IMS or a managed enterprise application. Google thinks communications, email and apps will all be run out of the browser in future, but this means introducing the same types of security to the phone as are common on the PC -- antivirus, firewalls and so on. These are less mature for mobile devices to date, and take up considerable resources, slowing the instant responses that are expected on phones.

Even apart from the hacking and internet virus threats, there must be increasing attention to security as more employees are using UC on mobile gadgets and accessing corporate data and contacts from a handset. This means existing security, authentication and management infrastructures have to be extended and adapted to cellular and Wi-Fi products.

Another important aspect of a UC security policy is central tracking and management of devices and policies when they get lost (e.g. many vendors now support remote disabling or wiping of lost and stolen phones).

The three main areas where we think mobile security must be tightly managed are:

  • securing and managing every device
  • managing all connections
  • protecting all data

The first is easiest if the company standardizes on just a few devices, barring users' own phones from the system. Device passwords and PINs should be implemented with automatic lock after three failed attempts. More comprehensive device management can be achieved using a centralized application such as Microsoft System Center Mobile Device Manager or Sybase Afaria, or relying on a third party managed service from an operator. These policy-driven suites combine monitoring and enforcement and also work with back-end authentication servers.

On the second point, connections, VPN connections with IPsec are best, and there should be automatic software to bar devices that do not conform to enterprise security policies, e.g. if their antivirus software is outdated or they are accessing from an insecure public hotspot.

In the third area, data, selective data encryption is important to secure sensitive files and items such as email inboxes, contacts and certificates. Encryptable removable storage devices like SD cards are also useful.

This was first published in August 2009