Patrick Salmon, a Mobile designer of Enterprise Mobile, a technology service company specializing in Windows Mobile applications, said that if you ask a stranger to borrow a smartphone from your company, you may have given your company data as a gift to that person. The reason is: the person may be able to insert a device named as a CSI storage stick into your phone and extract all the data from the phone in a few seconds.
Mobile Consulting Company J. jack Gold, head of Gold Associates, said there are four main aspects of mobile device security control: manage and ensure the security of every mobile device, manage every connection, protect every point of data and educate every user.
Manage and ensure the security of every mobile device
Wireless experts said managing each iPhone, Android device, and connection is the key to wireless security. Mobile devices are accessing the enterprise network and enterprise data, whether these mobile devices are purchased by the enterprise or by the individual. Device Security and management are closely related because you must be able to monitor these devices to enforce policies.
According to Salmon of Enterprise Mobile, in most cases, it is recommended that enterprises standardize two or three Mobile devices to minimize technical support, security, and management difficulties.
Dan Croft, president and CEO of Mission Critical Wireless, a technology service company dedicated to mobile applications, recommends that enterprises use mobile device passwords or PIN. He said that if your company does not enforce the password policy for these devices, you will give up all your other security measures.
In addition to the mandatory password policy for mobile phones and laptops, comprehensive device management applications should also be considered, such as Sybase's Afaria, Credant's Mobile Guardian, Nokia's intelliisync, Microsoft's system center Mobile Device Manager, and products of companies such as Checkpoint and Trust Digital. In addition, enterprises should be able to remove, lock, or delete data from stolen or lost mobile devices.
Manage each connection
Gold said these connections would be fully exposed if they were not done well. Do not leave end users alone.
Experts recommend that you use a VPN (Virtual Private Network) connection with the IPsec function in mobile applications. Salmon said that using SSL on TCP port 443 is the least resistant method. I think it is weak in both options. This is because, although the target server has a certificate and is trustworthy, The SSL client is not like that. IPsec requires that the port must be open exclusively. However, the two ends of this connection have certificates.
Protect every point of data
Data Encryption is an important item in any mobile application. With managed mobile devices, you can publish and enforce Data Encryption policies. Folder, email inbox, user data, contacts, certificates, and so on should be encrypted. In addition, you should also consider encrypted or encrypted removable storage devices, such as high-capacity SD cards.
Educate every user
Gold says few companies adopt appropriate procedures and policies to educate end users on protecting the security of their mobile assets. Users should be on your side.
Salmon of Enterprise Mobile says the biggest security vulnerability is people. If a stranger asks you to borrow a laptop for 5 minutes and check his stock portfolio, you will say "no ". Because you have already received this risk education. Don't let strangers use your laptop. The same idea applies to mobile phones.
- Do you choose to use VoIP on a mobile device?
- Adapt to enterprise needs Cisco Unified Communication Software to add mobile features
- Global mobile device market: Huawei's age has arrived