Outside of some super-paranoid government agencies and their contractors, most security professionals are dealing...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
with mobile devices head-on. Realistically speaking, it's difficult to restrict the use of mobile devices in an enterprise. Sure, you can block them from your Wi-Fi network, but you can't stop the wireless carriers' data signals from reaching inside your buildings.
Instead of blocking wireless devices, I encourage you to embrace them. Reach out to users and remind them that you're not the security police, but rather a helpful resource to provide them with ways to safely use technology to meet their business requirements. Demonstrate to them that it's possible to use these devices in a secure manner by encouraging them to use the built-in VPN capabilities of smartphones, encrypt their mobile devices to protect stored data and report the loss or theft of devices promptly.
You may also wish to consider standardizing your enterprise on a single smartphone platform. If you choose, for example, to equip all of your mobile staffers with Blackberrys, you'll have a much easier time providing security advice and an infrastructure than if you have an assortment of different devices, including iPhones, Treos, Windows-based devices and other gadgets-of-the-day running around your building.
The Blackberry route is especially appealing to many organizations with the release of the feature-packed Blackberry Enterprise Server (BES). This management platform allows you to centrally administer devices for both usability and security. For example, you can use BES to require that all Blackberries in your organization use AES encryption to protect locally stored data. That approach offers peace-of-mind when one of the devices turns up lost or stolen.
In summary, it's not likely that many organizations will be able to stomach a policy that attempts to prohibit or severely restrict the use of mobile devices. They're simply too convenient and enhance productivity significantly. You can, however, take steps to manage their deployment so it minimizes the additional risk to enterprise security.
For more information:
Dig Deeper on Information Security Policies, Procedures and Guidelines
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.