Problem solve Get help with specific problems with your technologies, process and projects.

What are some of the best ways to ensure mobile security?

Learn how to ensure mobile security in this expert response from Caroline Gabriel.

What are some of the best ways to ensure mobile security?
There is considerable concern about the new security threats that will arise from the rising use of the mobile internet for corporate purposes -- especially services that are accessed from the open browser rather than via a carrier system like IMS or a managed enterprise application. Google thinks communications, email and apps will all be run out of the browser in future, but this means introducing the same types of security to the phone as are common on the PC -- antivirus, firewalls and so on. These are less mature for mobile devices to date, and take up considerable resources, slowing the instant responses that are expected on phones.

Even apart from the hacking and internet virus threats, there must be increasing attention to security as more employees are using UC on mobile gadgets and accessing corporate data and contacts from a handset. This means existing security, authentication and management infrastructures have to be extended and adapted to cellular and Wi-Fi products.

Another important aspect of a UC security policy is central tracking and management of devices and policies when they get lost (e.g. many vendors now support remote disabling or wiping of lost and stolen phones).

The three main areas where we think mobile security must be tightly managed are:

  • securing and managing every device
  • managing all connections
  • protecting all data

The first is easiest if the company standardizes on just a few devices, barring users' own phones from the system. Device passwords and PINs should be implemented with automatic lock after three failed attempts. More comprehensive device management can be achieved using a centralized application such as Microsoft System Center Mobile Device Manager or Sybase Afaria, or relying on a third party managed service from an operator. These policy-driven suites combine monitoring and enforcement and also work with back-end authentication servers.

On the second point, connections, VPN connections with IPsec are best, and there should be automatic software to bar devices that do not conform to enterprise security policies, e.g. if their antivirus software is outdated or they are accessing from an insecure public hotspot.

In the third area, data, selective data encryption is important to secure sensitive files and items such as email inboxes, contacts and certificates. Encryptable removable storage devices like SD cards are also useful.

Dig Deeper on Mobile Unified Communications

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.