Network Computingwww.networkcomputing.com

Strategy: Securing Mobile Data

Posted by
February 09, 2008

Tags: ActiveX, Administration, Corporate Training, Data Networking & Management, Data Protection, Enterprise Management, Keyboards and Keypads, Mobile Hardware, Mobile Security, Mobile and Wireless, Network types, New Technology, Other, Remote Access, Remote Access Software, Sean Ginevan, Security Policies and Management, Security and Privacy, Servers, Servers & Storage, Software, Software and Web Development, Technology, Telecommuting, USB, USB Cards, Unified Communications & VoIP, WLAN Security, Wireless, Wireless Networking Security, encryption, mobile security, smartphones

Channel: Other, Networking & Mgmt, Servers & Storage, Data Protection, Wireless, UC & VoIP

Do you have a security policy governing data access via mobile devices? Unless things have improved considerably since we asked readers this question last summer, it's even odds you don't. The problem is, employees are using smartphones in their jobs, whether the security team is on board or not. In a July InformationWeek survey, 82% of smartphone owners said they use their devices to read business e-mail, 80% surfed corporate Web sites, and 61% accessed enterprise data.

And don't look to business managers to stifle this trend: 74% of users said they foot their own cellular bills, and 65% paid for the devices out of their own pockets. More productivity at little or no cost to the business. So what's not to like?

Plenty, actually. Mobilizing employees increases productivity, but the security risk is dramatically heightened without IT involvement. Yet just 31% of readers said corporate IT supports smartphones and PDAs. We understand the logic: When the enterprise doesn't own the devices, it can't regulate what users buy. Supporting a mishmash of systems is a nightmare. That's why for years we've advised readers to stay ahead of this trend. Those who didn't now find themselves in an untenable position. While the enterprise might not own the physical assets, it does own the data that end users are storing on them. As soon as corporate information lands on a smartphone, it becomes a business asset that needs to be secured.

CIOs have two options: Freeze out mobile devices by preventing installation of synchronization programs like ActiveSync, disallowing access to corporate servers from mobile devices, or lock down USB ports on corporate PCs. Of course, employees will waste time trying to circumvent these roadblocks. A better route is to put the correct mix of policies and technological enforcement in place to keep your data safe while realizing the benefits of mobility. FIRST COMES THE POLICY

Related Reading

---

More data-protection Insights