Manage from a Distance
By Ericka Chickowski | Posted 2009-02-26
Security risks rise with the sophistication of mobile devices.
4. Utilize Remote Wipe Capabilities
Give IT staff the ability to remotely access and disable devices in the event of loss or theft. This could be very handy in a situation where, say, an executive loses his or her device at a conference—along with yearly sales projections and strategies stored within, DeBeasi says. With the remote capability all it would take is a quick call to IT and they’ll take care of it.
5. Set Up a Lost Phone Hotline
It is not good enough simply to have remote wipe capabilities. Organizations also need a set procedure for users who have lost their devices. Make it easy for them to alert IT staff that a device has been lost by setting up a direct line and publicizing the notification procedure.
“If you're concerned about losing data, make sure your users have a contact point where they can get a hold of you so you can initiate that process to wipe them over the network and make sure that data isn't lost,” Cross says. “They’ll have an incentive to get a hold of you if they want another phone, but it’s useful if they know who to call and that you can immediately start that process.”
6. Control Third-Party Apps
Smartphones are so dangerous because they are essentially miniature computing platforms that can accept third-party applications of any kind. Cross recommends limiting the installation of unsigned third-party applications to prevent the bad guys from taking control of your devices.
“It makes sense to limit people’s ability to install arbitrary third-party applications because that is exactly how some of these Trojans will allow a bad guy to connect from the Internet and get back out into your corporate VPN,” Cross says. “That's how they work, they go out and say ‘Here's this cool video game for your BlackBerry! Install this, it’s a lot of fun.’ And people will install it and it will say ‘This isn't signed,’ and they'll say, ‘That's OK.’ And then their phone is now a gateway.”
7. Set Unique Firewall Policies
Enterprises should set up unique firewall policies specifically for traffic coming from smartphones. The way Cross sees it, smartphone users don’t necessarily need access to every bit of data on the network, so it makes sense to limit exposure by only offering access to the types of data they need.
“There's stuff that they need access to, but they probably don't need access to your financial database. It probably doesn't work very well from a phone browser anyway,” he says. “Stuff like that that has nothing to do with what people are doing from the phone, so you should firewall it off and traffic coming from the phone should only go to stuff that people would reasonably want to use.”
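As an added illustration (not from the article), the sketch below audits a first-match firewall rule list for a smartphone segment: it checks that phones reach only an expected allowlist and that a catch-all deny for the segment sits ahead of any broader allow rule. All addresses, ports, the rule format and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions): subnet handed to smartphones,
# and the only services phones are expected to reach.
PHONE_NET = ipaddress.ip_network("10.50.0.0/24")
EXPECTED = {("10.1.10.5/32", 443), ("10.1.10.8/32", 443)}

# (action, source net, destination net, port or None for any); first match wins.
RULES = [
    ("allow", "10.50.0.0/24", "10.1.10.5/32", 443),   # mail/sync gateway
    ("allow", "10.50.0.0/24", "10.1.10.8/32", 443),   # intranet portal
    ("deny",  "10.50.0.0/24", "0.0.0.0/0",    None),  # everything else from phones
    ("allow", "10.0.0.0/8",   "10.1.20.0/24", 1433),  # desktops to financial database
]
# Same rules with the broad desktop rule moved first: a common ordering mistake.
MISORDERED = [RULES[3]] + RULES[:3]

def decide(rules, src, dst, port):
    """Return the action of the first rule matching the flow (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"

def audit_phone_policy(rules, phone_net, expected):
    """List allow rules phones can hit that are not on the expected list.

    Stops at the first catch-all deny covering the whole phone segment,
    because no later rule can match phone traffic. Narrower deny rules are
    ignored, so the audit errs on the side of reporting.
    """
    findings = []
    for action, src_net, dst_net, port in rules:
        src = ipaddress.ip_network(src_net)
        if not src.overlaps(phone_net):
            continue
        if (action == "deny" and phone_net.subnet_of(src)
                and dst_net == "0.0.0.0/0" and port is None):
            return findings
        if action == "allow" and (dst_net, port) not in expected:
            findings.append(f"phones can reach {dst_net} port {port}")
    findings.append("no catch-all deny for the phone segment")
    return findings

if __name__ == "__main__":
    print(audit_phone_policy(RULES, PHONE_NET, EXPECTED))
    print(audit_phone_policy(MISORDERED, PHONE_NET, EXPECTED))
```

In the misordered list the phone subnet falls inside the broader `10.0.0.0/8` source, so the database rule matches phone traffic before the segment's deny is ever evaluated.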