Start With the Basics
By Ericka Chickowski | Posted 2009-02-26
Security risks rise with the sophistication of mobile devices.
1. Choose Devices Carefully
Not all devices are created equal when it comes to security. For example, iPods are built for general consumers who are not as concerned with security, and are therefore inherently less secure than a BlackBerry device designed for enterprise users.
“The degree to which IT managers can control security on mobile devices is highly dependent upon the vendor that they select,” DeBeasi says. “You should try to get mobile devices that have the best possible control and security on them and then use those mechanisms and it will go a long way to locking down those mobile devices.”
2. Turn On Encryption
Once you choose devices with stronger security controls, use those controls! DeBeasi says that many organizations do not enforce or even set policies mandating the use of device encryption on mobile devices.
“Many people don't go through the bother of doing the encryption. You always want to be careful and you always want to have a level of paranoia about what happens to your sensitive information,” he says. “Mainstream enterprises need to lock it down and take it seriously like they do with a laptop and be really consistent with their policies and enforce them.”
3. Require Authentication
A survey released by Credant Technologies in September 2008 found that in just a six-month period more than 31,000 New Yorkers left behind mobile devices in a taxicab. These devices are simply too easy to lose to go without proper authentication. And yet, most enterprise users don’t use the password function on their devices.
“So imagine, you lose your phone in a cab and the next passenger gets in, opens it up and then they have immediate access to your device because you didn't put any authentication in there,” DeBeasi says.
He says that it is critical that users be required to turn on device authentication so that lost devices cannot be easily accessed by anyone who finds or steals them.