Mobile devices are both a business enabler and a potential security risk if they are not managed properly. Like all new technologies, they require a proactive security strategy to mitigate the risk they can introduce.
One of the most recent technology phenomena to hit the high-tech business market is the emergence of mobile devices – which come in all shapes and sizes. This has led to an increasing demand from staff for the latest and greatest device to help them improve productivity.
However, while everyone is scrambling to have the latest device in their hands, they seldom think about just how powerful they are, and the security concerns associated with using them.
The security of the device and the data it holds is the last thing on the user's mind. In most organisations, there are a mass of mobile devices, (PDAs, iPods, smart phones, and so on) some private, some company-owned, but all of them connected to your corporate network. Before you know it, you have no control over what happens to them or the data they pass.
At the end of the day, these portable devices are nothing less than a portable computer. Add wireless functionality to them and they become a proactive slave of your office desktop. They can contain huge amounts of corporate and often personal data and, while they are an effective tool for mobile workers and do increase productivity, most have little, if any, built-in security features.
They are also far easier to lose or have stolen. A recent study in Chicago revealed a staggering 85,619 mobile phones, 21,460 PDAs and 4,425 laptops left in licenced cabs over six months – only London had a worse loss rate.
Without appropriate security controls applied to the devices, the information they contain is easily accessible.
Early last year, we decided to develop a security strategy for mobile technology and, in doing so, we created a comprehensive usage policy.
We need to support users, but we also needed to ensure there was an appropriate level of control.
We centralised the method of connectivity, limited the number of supported devices, and are now in the process of rolling out security software that enforces security polices on the devices, such as password protection, synchronisation only at work and encryption.
As CSOs, we need to set clear guidelines agreeing what can be connected to corporate networks. The long-term aim for us is to ensure portable devices have similar levels of control to the corporate desktop. Without a proactive security strategy to control these toys, you are opening yourself up to large-scale data theft and possible data protection implications.
The real question you need to ask yourself is: how mobile do you really want your data and information to be?