As the rate of mobile device adoption continues to spike and the sophistication of these devices advances, users are becoming more efficient road warriors than ever. Unfortunately, they’re also introducing a lot of risk into the IT equation. The more capable these devices are of helping users access and manipulate data, the more capable they are of being used by hackers to do the same.
“Think about what resources these people have access to from the phones,” says Tom Cross, security researcher for IBM ISS X-Force. “These folks will have VPN clients where you can get into the corporate intranet and there have been cases in the past where people have actually written back doors that will run on the phone that allows a bad guy to connect from the Internet through the phone into your internal network. That is a risk you want to manage.”
Sadly, though, many organizations these days not only do not manage their mobile security risks, they don’t even manage mobile devices. Organizations need better control over the devices that connect to their networks if they want to keep a tight rein on corporate data, Cross says. This means taking a proactive role over mobile devices and getting the organization to sponsor the purchase of a uniform set of devices within the enterprise.
“It is absolutely our view that you should manage these devices,” Cross says.
Paul DeBeasi of Burton Group’s network and telecom strategies group says that organizations may not even need special security technology to mitigate mobile device risk to an acceptable level. Most times it is a matter of starting out with consistent policy development and enforcement, he says.
The following is a list of suggestions from Cross and DeBeasi to start managing mobility effectively.