Enterprises tend to enhance employee productivity by allowing
smartphones and tablets at work. But, lack of essential security and mobile
device management (MDM) strategies introduces new risks to the corporate
resources and privacy of smartphone/tablet users. Security complexity will
further increase, when enterprises adopt bring-your-own-devices (BYOD) to work.
The data contained in these employee-owned personal devices are sensitive and
critical to the enterprise businesses. Issues of security, compliance, legality,
trust, device ownership, data leakage needs attention. Thus, a strong corporate
policy coupled with the best security practices is essential for a good enterprise mobility initiative.
According to a recent Forrester Research Report, smartphones’ use by the
US-based information workers is expected to triple by 2013. Also, the use of tablets
to work is rising at a steep rate. Today within the US and Canadian businesses half
of the smartphones are not company-issued equipment, reports Forrester. Most
analysts feel that a better mobile device security strategy is to be
made sooner than later. Let’s discuss here the top 15 best security practices
for mobile device management that helps the enterprises to manage mobility and
BYOD strategies in their business operations.
1 –Choice of
Mobile Devices for Enterprises
The first and foremost strategy is the choice of the mobile devices. Mobile
devices having inbuilt security is best to be used in the enterprises than the others
that does not provide enough security which is commonly used by the general
consumers. Enterprises need to allow only the mobile devices that have the best
possible control and security inbuilt with them.
2 – Enterprises
to Devise a Strong Security Policy
As most modern devices such as the smartphones and tablets do not have
encryption inbuilt within the hardware, it is impractical to fully encrypt the
mobile devices. However, enterprises must strive to employ a good encryption
method which is a key to build a strong security policy by suitably choosing OS
and device encryption methods. Device encryption method would help to encrypt
the local storage, but enterprises must ensure that it covers all the risk
areas including the internal and external memory. Enterprises should also adopt
OS encryption methods by installing respective third-party apps to secure text
messages, e-mails, calendars, contacts, voice calls and other critical
communications. Thus, enterprises can suitably devise a strong security policy
with the help of device and OS encryption methods.
3 –Extend Existing
Corporate Security Policies to Mobile Devices
Enterprises should enforce the existing security policies, in practice, such
as password protection, authentication access etc to the mobile devices also.
That is, mobile devices accessing the corporate networks should be enforced to
comply with the enterprises’ authentication and security process. Currently existing
rules within the corporate networks such as passwords of specific maximum
length with a combination of uppercase characters and special characters can be
applied to mobile devices accessing the corporate networks.
Enterprises that adopt Mobility and BYOD at work for its employees
should have an effective Mobile Device
Management solution in place in the absence of which mobile security becomes an optional
and increases the security risks. An effective MDM solution to enforce organization’s
compliance, policies and procedures will enable the enterprises to secure their
corporate networks accessed over the mobility devices, to regulate the usage of
mobile apps & devices and to manage their mobile application users.
5 – Registry
of Mobile Devices
Take stock of the mobile devices connected to the corporate network. It
is an important security principle to be employed in the corporate houses where
mobility is enabled into their businesses. If an enterprise is specific about
the type of smartphones/tablets it allows for its business operations, then
security policies should be formulated to restrict the usage of the other type
of devices. However, enterprises at its discretion can allow a new type of
mobile device to connect to their corporate network but have them enrolled into
your corporate compliance regulations and security policies to ensure security
of your business data.
6 –Automated
Wiping & Remote Locks
Identifying unusual situations like jail breaks, lost device, device
theft, number of repeated failed login attempts or not connected to the network
for lengthy period say for more than a month, and enabling those mobile devices
for remote wiping, automatic padlocking and account locks is an essential
security mechanism that enterprises need to adopt to safeguard enterprise data.
7 –Installing
Only White-listed Applications
Enterprises of all sizes struggle to protect their network end points
from constant attack of malware. Application white listing is one of the best practices
that enterprises should try to implement to enhance the security of the mobile
devices in their corporate network. This approach has gained traction during the
recent days which works in reverse to the traditional defenses such as anti-virus
and firewalls by permitting only good known files. Tentative listing of applications
allows only authorized software to be installed on the mobile devices and prevents
the malicious software from entering the corporate network. Also, it typically
acts as a barrier to protect the mobile devices from being exploited with
malicious software contents. This could be troublesome from the user
perspective, but for the enterprises it is really a great step towards securing
their corporate network.
8 – Common
SSL VPN Connectivity
Enterprises should employ VPN access to enjoy the benefits of shared
networks without any security concerns in transmitting sensitive data over the
internet, since it encrypts the data as it traverses over the internet. Secure
socket layer virtual private network (SSL VPN) can be used to share networks
and secure remote access to users or group of users using laptops, PCs, smartphones
and tablets to any other critical client–server resources used in the corporate
network. This approach will reduce the overhead expenses of IT department by using
a single tunnel for network access instead of one solution for laptops, PCs and
another for tablets and mobile devices. So networks admin need to evaluate and select
the appropriate SSL VPN gateway solution that supports all type of clients
including PCs, laptops, tablets and mobile devices of all platforms.
9 –Reverse Web
Proxies for Secured Access
Reverse web proxies performs authentication and encryption of the data
access that is happening over the Web. This will enable its users access the
Web in a secured manner from any of their client devices whether it is a smartphone
or tablet or a laptop or PC. Reverse proxies can be created as an additional
security layer to front-end public, private and trusted servers, while storing
the sensitive and critical information in the internal network immune to the
external security vulnerabilities and network attacks. Enterprises enabling
mobility and BYOD into their businesses should implement these reverse proxies
to provide safe access to its corporate networks for the users who are
accessing to over the web from their smartphone or tablet devices.
10 – Run Regular
Security Updates & Patches
Any mobile operating systems and their upgrades and updates are prone to
security vulnerabilities and hacker attacks, which is countered by parallel security
patch releases. Enterprises need to ensure that the mobile devices connected to
their corporate network are installed with regular security updates along with
updates of new upgrades and patches for the mobile operating systems (iOS,
Android OS, Blackberry OS, etc).
11 –Extending
Firewall Policies to Mobility Devices
Enterprises should control the traffic that is coming from the smartphones
and tablets by setting up unique firewall policies. A firewall helps by
restricting access to a corporate network and provides access that is really
needed for the specific user. An example would be, setting off the access to a
financial database with firewall and providing access to the network resources
that users reasonably want to use.
12 – Installing
Intrusion Prevention System
Enterprises need to install intrusion prevention systems (IPS) that is
very essential to study the traffic that is coming from the smartphones and
tablets. IPS helps to proactively respond to security threats initiated on the
corporate network by the smartphones and tablets. They help to filter out the
routine events from critical threats and also highlight the incidents that
require immediate action. It is easy to visualize the attacks that are coming
in from the smartphones and tablets as they being sophisticated devices.
13 –Securing
Wireless (Wi-Fi) Connectivity
CNET News reports estimates that 90 per cent of the smartphones and
tablet devices in usage will have Wi-Fi functionality by 2014. Enterprises must
confirm the security of the wireless connectivity by devising various security
measures such as disabling auto-connectivity to Wi-Fi. Security of the wireless
network should also be enhanced on par with the wired networks by running deep
packet inspection. Traffic connected to the corporate network through Wi-Fi
devices should apply WPA2 and deep packet inspection. Proper intrusion
prevention software should be in place for mobile devices connected through Wi-Fi
devices.
14 –Secured Bluetooth
Usage
Though Bluetooth is a very advantageous feature for smartphone users where
they can talk hands free while they drive or perform another task, they are
easily prone to hacker attacks. The discoverable feature of blue tooth makes
the devices vulnerable to hackers. Enterprises must enforce to disable or
toggle the Blue-tooth devices to hidden mode that are not in active information
transmission. Blue-tooth functionality in today’s smartphones helps the users
to talk easily with hands-free headsets, but is easily prone to hackers. This
is also a way hacker’s gain access to the devices because of the always-on and
always discoverable feature of the Blue-tooth device.
15 – Follow Federal
& State Laws
The US states and other Governments
have stringent local laws governing the exposure of sensitive and private data
of their residents. It is high time enterprises need to be aware of those laws
and include them in their corporate security policies governing the usage of
smartphones and tablets into their businesses. It would be mandatory for the
enterprises to encrypt all the customer data on the mobile devices to comply
with the federal and state notification laws.
