How to set up a corporate cell phone management strategy

BROWSE BY TAG Network Security,   Smartphone and PDA Viruses and Threats,   Information Security Threats,   Information Security Policies, Procedures and Guidelines,   Information Security Management,   VIEW ALL TAGS

RELATED CONTENT Network Security How to set up a split-tunnel VPN in Windows Vista What is the difference between static and dynamic network validation? Port scan attack prevention best practices Securing the intranet with remote access VPN security How to prevent network sniffing and eavesdropping How to implement virtual firewalls in a complex network infrastructure How to manage network bandwidth with distributed ISP bandwidth How to edit group policy objects to give a user local admin rights How to prevent operating system cloning with AES 256-bit encryption How to securely connect a LAN POS to a remote point-of-sale device Information Security Policies, Procedures and Guidelines Balancing security, business case for consumer products in enterprise Schneier-Ranum face-off part 6: Audience questions Editor's Desk: Apathy and the Cybersecurity Coordinator Writing security policies using a taxonomy-based approach How to detect and respond to money laundering Health Net breach failure of security policy, technology How to protect distributed information flows Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary defense in depth  (SearchSecurity.com) non-disclosure agreement  (SearchSecurity.com) security policy  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

EXPERT RESPONSE FROM: Mike Chapple, featured expert Pose a Question Other Security Categories Meet all Security Experts Become an Expert for this site

ANSWERED March 2009:

Outside of some super-paranoid government agencies and their contractors, most security professionals are dealing with mobile devices head-on. Realistically speaking, it's difficult to restrict the use of mobile devices in an enterprise. Sure, you can block them from your Wi-Fi network, but you can't stop the wireless carriers' data signals from reaching inside your buildings.

Instead of blocking wireless devices, I encourage you to embrace them. Reach out to users and remind them that you're not the security police, but rather a helpful resource to provide them with ways to safely use technology to meet their business requirements. Demonstrate to them that it's possible to use these devices in a secure manner by encouraging them to use the built-in VPN capabilities of smartphones, encrypt their mobile devices to protect stored data and report the loss or theft of devices promptly.

You may also wish to consider standardizing your enterprise on a single smartphone platform. If you choose, for example, to equip all of your mobile staffers with Blackberrys, you'll have a much easier time providing security advice and an infrastructure than if you have an assortment of different devices, including iPhones, Treos, Windows-based devices and other gadgets-of-the-day running around your building.

The Blackberry route is especially appealing to many organizations with the release of the feature-packed Blackberry Enterprise Server (BES). This management platform allows you to centrally administer devices for both usability and security. For example, you can use BES to require that all Blackberries in your organization use AES encryption to protect locally stored data. That approach offers peace-of-mind when one of the devices turns up lost or stolen.

In summary, it's not likely that many organizations will be able to stomach a policy that attempts to prohibit or severely restrict the use of mobile devices. They're simply too convenient and enhance productivity significantly. You can, however, take steps to manage their deployment so it minimizes the additional risk to enterprise security.

For more information:

• Learn the best way to know if your mobile device is being spied on.
• The growing threat of mobile malware: Read more.