As use of mobile devices such as smartphones and tablets becomes even more common and the bring your own device trend (BYOD) in enterprise continues, channel partners can use the opportunity to set up security practices.
James Quin, lead security research analyst with London, Ont.-based Info-Tech Research Group, presented his thoughts and advice on the topic to members of the Canadian IT channel at CDN’s Channel Elite Awards in September.
“The employee needs the capability to be able to work efficiently and effectively from wherever they are,” Quin said, which is driving more adoption of mobile devices, either planned through the enterprise or unplanned through BYOD. “They (IT departments) have to adapt to these demands,” he said.
About a third of mobile devices hold some form of sensitive data, he said. More than half of personal devices contain work contact information and more than 30 per cent contain confidential work data of one type or another.
“Laptops are the original mobile device,” Quin said. “We absolutely need to be concerned with laptops,” since they won’t go away. Laptops will eventually be part of the BYOD trend as well, he said. Those, along with smartphones and tablets, typically include work-related data, even if they are primarily personal devices.
Still, threats of mobile malware, unsecure remote access to the enterprise’s network and the risk of losing devices or having them stolen creates a need for strong mobile management solutions. “It’s coming; you can’t avoid it; you can resist the tide,” Quin said. “No solution would work without good fundamentals in place.”
That means organizations need to build strong policies around BYOD and the use of mobile devices for work. Further, they need to make sure employees actually know the policy. “We have to require acceptance by the user of the policy,” he said.
Beyond that, partners can help by implementing solutions to protect the device, protect the enterprise against them, and manage them at the same time:
Solutions to protect the device
Bringing security to the hardware level is important too, especially when it comes to malware protection and encryption solutions. “We need to ensure that last line of defence is in place,” Quin said. “We don’t lose database servers that often; we lose iPhones.”
Partners can also help organizations build a backup practice around data from mobile devices, he said. If a device gets lost and it has company information on it, organizations are going to want to wipe that out, Quin said. Since you can’t pick and choose what to wipe, employees may lose some non-work data as well. “You don’t want to get into a finger pointing approach when it comes to data being deleted,” Quin said.
Solutions to protect against the device
Application virtualization is also an option. “The value here is that because the application isn’t run locally on the device, the data isn’t locally on the device,” Quin said. Data leakage protection from mobile phones is also a critical component of managing devices. “This is the Holy Grail, if you will, of mobile data protection,” he said. Network access control also ensures that mobile devices connecting to the enterprise remotely meet minimum security standards before being allowed access to the company’s resources.
Not all enterprises will need the same level of mobile security, which is also where channel partners play a role. Technology deployment depends on need, Quin said.
That need can also differ among departments of an organization. Sales and marketing departments may have different requirements from the finance department, for example. Partners can help businesses tailor their mobile security solutions in the right way, so employees and the enterprise get the most out of their devices.
Overall, ceding ownership of devices does not mean ceding control, according to Quin. Enterprises need strong security practices in place to manage various devices and channel partners can help them decide which level of protection they need and how best to implement it.