Project Pointers: Tips For Setting Up Your Own Mobile StrategyBy Darrell Dunn | Posted 2007-08-14 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Creating a comprehensive mobile security strategy can be difficult and expensive. Consider these tips before plotting a strategy to protect and manage mobile devices.
Assess your needs. Understand the risks and vulnerabilities of your enterprises, says Gregg Davis, CIO for Webcor Builders, a San Mateo, Calif., commercial builder. Not all businesses need to operate with the same level of security. If your industry must comply with regulations for protection of data, you may need a greater level of security than a company handling less sensitive corporate and customer data. If data loss wouldn't be critical to your company, operating-system-level encryption could suffice.
Weigh options. Encryption is an effective method of protecting data, says Forrester analyst Paul Stamp. Some courts will excuse a company from reporting a loss if it can show the information has been adequately encrypted. Multiple vendors are available to provide either full-disk or policy-based encryption. Disk-level encryption can place a strong umbrella of protection around mobile equipment, but file-based encryption, which selects specific data to encrypt based on predefined company policy, can be more flexible.
Follow the data. Make sure to target your security dollars at where critical data resides, says Jere Roche, network service team leader for Clark Memorial Hospital in Jeffersonville, Ind. For most enterprises today, that will be laptop computers. As processors and graphics continue to mature for handhelds, however, expect more applications to move onto smaller devices. CIOs need to plan for how policy and technology will best intersect to meet the new computing styles expected over the next few years.