04:25 PM
Connect Directly

4 Strategies To Lower Mobile Device Risk

Employees want their own phones, and managers want them using apps for productivity. Your problem: Secure all this.

Look around, and you'll likely agree that end-user computing is taking its most radical turn since, well, the introduction of end-user computing.

Smartphones and now the iPad and tablet computers (which create similar challenges for mobile security) are growing like mad. To put some numbers on that growth: Smartphones accounted for 46% of global mobile phone revenue in the second quarter of last year, Infonetics research finds. It estimates that two out of three mobile subscribers in developed countries will use smartphones by 2014.

Mass-market smartphone ownership is creating new expectations from employees. Apple's and Google's offerings trump the BlackBerry platform, the enterprise standard, because people think they can be both serious (for business) and fun (for me).

2010 also brought the first truly practical hyper-mobile computer--something larger than a smartphone but smaller than a PC. The iPad and its tablet followers have obvious appeal to people, many of whom are wondering if they can replace their work computer some of the time, feeding those work-anywhere, play-anywhere fantasies. This month's Consumer Electronics Show illustrates the tablet frenzy Apple ignited with its wildly successful iPad, introduced only a year ago. New tablets are promised from Motorola, Research In Motion, Samsung, Dell, and even newcomers such as TV maker Vizio. Verizon has had the iPad on its network, and now has the iPhone 4 as well.

So the competition for mobile hearts and minds and pinch-and-tap fingers is in full swing, which means your employees will be showing up with more and more new devices. Employees want access to corporate resources and data via these new devices, many of which they personally own. Of utmost concern to any compliance-minded CIO should be: Are these new computing methods putting my data at risk? The answer is likely "yes" if you're leaving device settings up to the users. As we'll discuss, the risks of both smartphones and tablets can be managed in much the same way; it's just a matter of defining your requirements, picking a capable management product, and moving forward. We'll offer four frameworks for managing the risks of these mobile devices.

But first some important context. The megatrend is a shift beyond simple e-mail on these mobile devices. First driven by the iPhone, and now by the iPad, apps are the new frontier, with enterprise examples that include CRM, virtual desktop access (check out VMware's VDI infrastructure), and specialty apps.

Apps fall into two big categories, says Ojas Rege, CEO of mobile device management (MDM) vendor MobileIron. They're either task-oriented with broad appeal, such as those for time sheets, expense reports, and conference room scheduling; or they're specialty apps for a niche audience. Some of those specialty apps are custom-coded for a company's specific business processes.

For example, Customedialabs, an interactive media agency, produces a digital sales app for the medical device and diagnostics industry. Using a client app that regularly syncs with a back-end data repository, the mobile app helps clients cover sales territories using CRM components, while trying to ensure that reps show prospects only the latest medical information. This cuts the risk of providing out-of-date material, a violation of stringent FDA Part 11 rules.

It's just one example of how, with apps, we've left the safe confines of e-mail far behind.

Become and InformationWeek Analytics subscriber and get our full report on reducing enterprise risk from mobile devices.

This report includes practical advice on charting CIO-level strategies for securing mobile devices.
Get This And All Our Reports

1 of 4
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio