Risk
1/19/2011
04:25 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
Repost This

4 Strategies To Lower Mobile Device Risk

Employees want their own phones, and managers want them using apps for productivity. Your problem: Secure all this.

Look around, and you'll likely agree that end-user computing is taking its most radical turn since, well, the introduction of end-user computing.

Smartphones and now the iPad and tablet computers (which create similar challenges for mobile security) are growing like mad. To put some numbers on that growth: Smartphones accounted for 46% of global mobile phone revenue in the second quarter of last year, Infonetics research finds. It estimates that two out of three mobile subscribers in developed countries will use smartphones by 2014.

Mass-market smartphone ownership is creating new expectations from employees. Apple's and Google's offerings trump the BlackBerry platform, the enterprise standard, because people think they can be both serious (for business) and fun (for me).

2010 also brought the first truly practical hyper-mobile computer--something larger than a smartphone but smaller than a PC. The iPad and its tablet followers have obvious appeal to people, many of whom are wondering if they can replace their work computer some of the time, feeding those work-anywhere, play-anywhere fantasies. This month's Consumer Electronics Show illustrates the tablet frenzy Apple ignited with its wildly successful iPad, introduced only a year ago. New tablets are promised from Motorola, Research In Motion, Samsung, Dell, and even newcomers such as TV maker Vizio. Verizon has had the iPad on its network, and now has the iPhone 4 as well.

So the competition for mobile hearts and minds and pinch-and-tap fingers is in full swing, which means your employees will be showing up with more and more new devices. Employees want access to corporate resources and data via these new devices, many of which they personally own. Of utmost concern to any compliance-minded CIO should be: Are these new computing methods putting my data at risk? The answer is likely "yes" if you're leaving device settings up to the users. As we'll discuss, the risks of both smartphones and tablets can be managed in much the same way; it's just a matter of defining your requirements, picking a capable management product, and moving forward. We'll offer four frameworks for managing the risks of these mobile devices.

But first some important context. The megatrend is a shift beyond simple e-mail on these mobile devices. First driven by the iPhone, and now by the iPad, apps are the new frontier, with enterprise examples that include CRM, virtual desktop access (check out VMware's VDI infrastructure), and specialty apps.

Apps fall into two big categories, says Ojas Rege, CEO of mobile device management (MDM) vendor MobileIron. They're either task-oriented with broad appeal, such as those for time sheets, expense reports, and conference room scheduling; or they're specialty apps for a niche audience. Some of those specialty apps are custom-coded for a company's specific business processes.

For example, Customedialabs, an interactive media agency, produces a digital sales app for the medical device and diagnostics industry. Using a client app that regularly syncs with a back-end data repository, the mobile app helps clients cover sales territories using CRM components, while trying to ensure that reps show prospects only the latest medical information. This cuts the risk of providing out-of-date material, a violation of stringent FDA Part 11 rules.

It's just one example of how, with apps, we've left the safe confines of e-mail far behind.


Become and InformationWeek Analytics subscriber and get our full report on reducing enterprise risk from mobile devices.

This report includes practical advice on charting CIO-level strategies for securing mobile devices.
Get This And All Our Reports


Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web