Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Strategy: Securing Mobile Data: Page 2 of 5

Mobile encryption has come a long way, but technology is only half the story. At press time, there were more than 3,300 used BlackBerrys listed on eBay. If one of them were loaded with sensitive data, there's little technology can do. Define a corporate policy that covers device selection, provisioning, deployment, use, maintenance, recovery, and disposal. Resist the temptation to treat executives' devices differently. Your organization is only as secure as its weakest link, and a smartphone is more likely to be lost than a laptop. Executives are no more immune than anyone else, and they may carry more sensitive data.

When writing your policy, start with basic data protection measures such as encryption and power-on passwords, and ensure that devices can be remotely wiped in case they're lost or stolen; most push e-mail, device management, and security systems provide this. More granular policies include mandating VPNs and forcing users to be in compliance with antivirus, firewall, or other security software.

Security policies aren't static; they must be periodically updated to address the changing needs of the business and as newer technologies are implemented. Impress on users that the loss of a device goes beyond the cost of the physical asset.

Does implementing usage policies mean enterprises should take over device procurement? Maybe. It's easier to enforce policies and deploy security software when you own the physical asset. Of course, there's a reason IT shies away from issuing mobile devices. The smartphone market is consumer-driven, which means accelerated hardware revision cycles. Mobile security and management vendors do a good job supporting the most popular devices, but advanced hardware security capabilities, like locking down cameras or disabling SD card slots, are spotty. If you let employees store data on their own devices, the best solution is to compromise by issuing, and continually updating, a menu of hardware that your mobile security vendor supports.


Steps To Keep Mobile Data Safe

1. SET A POLICY

2. ENCRYPT DATA
3. BE READY
4. WATCH FOR BIOMETRICS
5. NOT TAKING THESE STEPS?
Then consider locking down corporate PCs so users can't install synchronization software. No sync, no sensitive data on mobile devices.