Outside of some super-paranoid government agencies and their contractors, most security professionals are dealing...
with mobile devices head-on. Realistically speaking, it's difficult to restrict the use of mobile devices in an enterprise. Sure, you can block them from your Wi-Fi network, but you can't stop the wireless carriers' data signals from reaching inside your buildings.
Instead of blocking wireless devices, I encourage you to embrace them. Reach out to users and remind them that you're not the security police, but rather a helpful resource to provide them with ways to safely use technology to meet their business requirements. Demonstrate to them that it's possible to use these devices in a secure manner by encouraging them to use the built-in VPN capabilities of smartphones, encrypt their mobile devices to protect stored data and report the loss or theft of devices promptly.
You may also wish to consider standardizing your enterprise on a single smartphone platform. If you choose, for example, to equip all of your mobile staffers with Blackberrys, you'll have a much easier time providing security advice and an infrastructure than if you have an assortment of different devices, including iPhones, Treos, Windows-based devices and other gadgets-of-the-day running around your building.
The Blackberry route is especially appealing to many organizations with the release of the feature-packed Blackberry Enterprise Server (BES). This management platform allows you to centrally administer devices for both usability and security. For example, you can use BES to require that all Blackberries in your organization use AES encryption to protect locally stored data. That approach offers peace-of-mind when one of the devices turns up lost or stolen.
In summary, it's not likely that many organizations will be able to stomach a policy that attempts to prohibit or severely restrict the use of mobile devices. They're simply too convenient and enhance productivity significantly. You can, however, take steps to manage their deployment so it minimizes the additional risk to enterprise security.
For more information:
Dig Deeper on Information Security Policies, Procedures and Guidelines
Related Q&A from Mike Chapple
The PCI SSC extended the deadline for organizations to update TLS encryption standards before announcing PCI DSS 3.2. Expert Mike Chapple examines ...continue reading
Biometric security systems come with many advantages, but do they also come with many regulations? Expert Mike Chapple discusses biometric ...continue reading
A recent FTC lawsuit against Wyndham Hotels highlighted concerns for enterprises that have suffered a data breach. Expert Mike Chapple discusses the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.