Having a workforce hooked up to smartphones and tablets is causing many IT departments headaches, but if the proliferation of mobile devices is handled correctly it creates more of an opportunity than a threat.
There’s no question that 2012 was a major tipping point for mobile device ownership. According to PC Pro, household penetration of smartphones increased in the U.S. from 36 to 55 percent during the past 18 months, while tablet penetration increased from 17 to 44 percent over the same period. In 2013, I expect those percentages will only increase further.
The Current Shift in Workforce Mobility
The mindset of employees has shifted along with the availability of these devices. In 2012, a security firm surveyed approximately 4,000 Gen-Y workers worldwide and discovered that a staggering 50 percent consider bringing your own device to work a right rather than a privilege.
With this new attitude and the availability of all of these new and exciting devices, there is no doubt that the latest tech gadget will wind up in the office, whether or not it’s officially listed as a “work-supported device.” And, once employees bring their devices to the office, they’ll insist on connecting them to the enterprise network.
This may be troublesome for some, but businesses that try to buck this trend may be limiting their future options.
Clearly, BYOD is not a fad — it’s here to stay and becoming increasingly popular with today’s workforce. Market researchers at IDC forecast that the mobile worker population will reach 1.3 billion by 2015, while analysts at Gartner predict that tablets will total 665 million in 2016 and smartphones will exceed 1.3 billion in the same time frame.
The BYOD trend comes down to the ability to create an environment where employees can work anytime from anyplace, affording a greater level of customer care and responsiveness for the business. Yet despite the overwhelming presence and benefits of BYOD, there are still significant obstacles to overcome, and security ranks high on this list. In order to support BYOD while reducing the risk as much as possible, organizations must build mobile architectures to manage these devices and enforce policies that are aligned with their corporate risk policies.
BYOD introduces potential risk from an employee’s personal life into the corporate environment. The most common concerns include questions about supporting users with multiple devices, determining appropriate levels of access and permissions for employee and guest devices, provisioning corporate devices and determining what security vulnerabilities may be created by permitting multiple types of devices.
While seemingly overwhelming, the answers to these questions can help develop an effective, secure mobile strategy.
The Wireless Network
It's crucial to the success of your mobility initiative to know if your network can support the growing number of devices per user. The best way to gauge this is by performing a wireless assessment to verify capabilities and assess potential risks caused by obstacles in nearby rogue networks.
Security features such as wireless intrusion detection and prevention should be considered, as should controlling the number of permitted associated devices per user.
Network Access Management
If your organization plans to permit mobile devices, the best practice is to automate the process as much as possible through a network access management tool. Using this security measure, network access can be provisioned based on multiple factors such as device type, user authentication and risk status.
To track the devices, don’t rely on the employee’s wireless password, which can be compromised and isn’t associated with a specific device. Instead, register and track each employee device on the network.
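The admission logic described above, sketched as an added example (not part of the original article and not any vendor's API). The segment names, the per-user device limit and the risk labels are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed (hypothetical) policy values, not taken from the article.
MAX_DEVICES_PER_USER = 3
SUPPORTED_TYPES = {"ios", "android", "windows", "macos"}

@dataclass(frozen=True)
class Device:
    device_id: str    # identifier recorded at registration, e.g. a certificate serial
    owner: str
    device_type: str
    risk: str         # "low", "medium" or "high", as reported by posture checks

class Registry:
    """Tracks each registered device individually instead of a shared Wi-Fi password."""
    def __init__(self):
        self._by_id = {}

    def register(self, device):
        owned = [d for d in self._by_id.values()
                 if d.owner == device.owner and d.device_id != device.device_id]
        if len(owned) >= MAX_DEVICES_PER_USER:
            raise ValueError("per-user device limit reached")
        self._by_id[device.device_id] = device

    def lookup(self, device_id):
        return self._by_id.get(device_id)

def decide_access(registry, device_id, user, user_authenticated):
    """Return the network segment for one connection attempt."""
    if not user_authenticated:
        return "deny"
    device = registry.lookup(device_id)
    if device is None:
        # Valid credentials on an unregistered device only earn guest access.
        return "guest"
    if device.owner != user:
        # Registered device presented with someone else's credentials.
        return "deny"
    if device.risk == "high" or device.device_type not in SUPPORTED_TYPES:
        return "quarantine"
    if device.risk == "medium":
        return "restricted"
    return "corporate"

# Constructed sample data.
registry = Registry()
registry.register(Device("cert-01", "alice", "ios", "low"))
registry.register(Device("cert-02", "alice", "android", "high"))
registry.register(Device("cert-03", "bob", "android", "medium"))
```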
Mobile Device Management
The basic function of a mobile device management tool is to secure the mobile hardware. Mobile device management will also help prevent data loss while preserving user experience and privacy.
There are a number of different mobile device management tools currently available with a wide range of features and functionalities. These include the ability to:
- Manage all network devices from a single console.
- Create organizational groups.
- Enable user authentication.
- Automate device enrollment.
- Create device profiles.
- Automate compliance processes.
- Access real-time dashboards, reports and analytics.
IT departments often believe that by putting a mobile device management solution in place they’ve done their job in terms of managing a mobile program. But mobile device management is just the tip of the iceberg. In addition to device management, content, apps, email, text and, when applicable, voice communications must be securely managed as well.
Mobile Content Management
Mobile content management creates a secure tunnel so an employee can access any type of content or data that resides within the network.
Using a mobile content management tool, content can be protected using a secure, encrypted tunnel. Policies can be put in place to secure certain types of data and content. The network can be barred, for instance, from transmitting HR records that contain sensitive information.
Mobile Application Management
A mobile application management tool allows network administrators to secure specific mobile applications, as opposed to the mobile device. This allows the IT department to ensure the safety of corporate data contained in enterprise apps, while the device owner maintains control over the device and the rest of its content.
Another benefit to mobile application management is mobile application inventory. This feature allows administrators to track all new applications coming in and out of the enterprise. In addition, mobile application management can be used to identify rogue applications and track application popularity and usage stats, including when and how often they were used.
A mobile application management solution is compatible with mobile apps, regardless of whether they were acquired through a public or private app store, or via a secure tunnel.
Any effective mobile application management tool can:
- Support mobile application distribution by creating a centralized location for business applications. This enables IT administrators to privately push or publish private apps to their end users without going through a commercial storefront, making the process much more secure.
- Provide mobile application security and access control. This allows network administrators to quickly determine which applications are required, allowed or barred from a mobile device attempting to access the corporate network. Once the application list is complete, the administrators can associate applications with mobile device management-created rules that specify the consequences of being out of policy.
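The required/allowed/barred check and its out-of-policy consequences, sketched as an added example (not from the original article or any specific product). The app identifiers, the consequence names and their severity order are hypothetical.

```python
# Assumed (hypothetical) consequences, ordered from least to most severe.
SEVERITY = ["notify_user", "block_email", "block_network", "wipe_enterprise_data"]

# Constructed sample policy: each required or barred app maps to the
# consequence applied when the device is out of policy for that app.
POLICY = {
    "required": {
        "com.example.mdm-agent": "block_network",
        "com.example.antimalware": "block_email",
    },
    "barred": {"com.example.filesharing": "wipe_enterprise_data"},
    "allowed": {"com.example.mail", "com.example.crm"},
    "unlisted_consequence": "notify_user",
}

def evaluate(installed, policy=POLICY):
    """Compare a device's app inventory with the policy.

    Returns the compliance state, every violation found, and the single
    most severe consequence to enforce (None when compliant).
    """
    installed = set(installed)
    violations = []
    for app, consequence in policy["required"].items():
        if app not in installed:
            violations.append(("missing_required", app, consequence))
    for app in sorted(installed):
        if app in policy["barred"]:
            violations.append(("barred_installed", app, policy["barred"][app]))
        elif app not in policy["required"] and app not in policy["allowed"]:
            # Not on any list: surfaced for inventory review.
            violations.append(("unlisted", app, policy["unlisted_consequence"]))
    action = max((v[2] for v in violations), key=SEVERITY.index, default=None)
    return {"compliant": not violations, "violations": violations, "action": action}
```

Enforcing only the most severe consequence keeps a device with several findings from receiving conflicting actions.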
Adding Additional Layers
Once the foundation of your secure mobile strategy is in place, additional solutions or layers can be added, based on your organization’s specific requirements. These can include additional security features such as:
- Email, voice and/or text encryption
- Secure connection protocols such as a secure sockets layer virtual private network (SSL VPN)
- Antivirus, anti-malware and anti-spam software
Another (and frequently overlooked) element of an effective corporate mobile computing strategy is threat modeling.
Mobile devices, which by their very nature are more exposed to threats than other client devices, often need additional protection. Threat modeling involves identifying feasible threats, vulnerabilities and security controls and then quantifying the likelihood of a successful attack and its impact. This information can then be analyzed to determine where security controls need to be added or improved.
Another important consideration: The best way to secure business data is to simply avoid storing it on a mobile device. While it can be more convenient for an employee to work from a local copy on his or her device, this is inherently less secure. When data only resides on a server within the data center and can only be accessed via the network, there’s no local copy to lose if a device is stolen or misplaced.
The Best Approach is a Multi-Tiered Approach
Although BYOD introduces a variety of risks and security concerns, it is now business as usual. Many organizations in both the public and private sectors are embarking on mobile programs and employees are already connecting their personal devices to the enterprise networks.
To reconcile these conflicting realities, companies need to put a secure mobile strategy in place, although no single security solution or template will suffice for every organization. Each enterprise environment is unique with a different set of employees and mobility requirements. To be effective, a unique, individualized security solution is also necessary. This solution needs to be based on a multi-tiered policy that incorporates a variety of the different approaches and technologies that are available.
Developing a secure mobile strategy will protect corporate data while satisfying employees and keeping them productive. The bottom line is this: Businesses shouldn’t fear mobility — they should manage it.