Policies for reducing mobile risk

Risky business
When a mobile device is lost or stolen, any business data it contains is jeopardized. Laws, such as California SB1386 (and similar laws introduced in 35 states last year), require companies to notify individuals whose private information may have been compromised. And businesses that violate industry mandates like HIPAA and GLBA face hefty fines or even jail time. But many companies cannot even enumerate the data carried by lost or stolen mobile devices.

A growing number of workers are using PDAs and smartphones to access business networks and applications. In the Nokia study, commonly-used mobile applications included e-mail, instant messaging, corporate database access, sales force automation, field service, CRM and ERP/supply chain applications. Companies without mobile-specific applications may still face mobile exposure through traditional applications. For example, many employees synchronize company e-mail onto PDAs or forward messages to smartphones. Therefore, if lost or stolen, these devices can be used to gain unauthorized access to an oth

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Security Mobile security threats Two-factor authentication: Mobile security at your fingertips Securing your Windows Mobile devices In-the-cloud defenses for mobile malware On-device defenses for mobile malware Is malware coming to a smartphone near you? Protecting data on your BlackBerry Defining your mobile security policy Government regulations and mobile security policies Symbian: Protect your data, not just your device Mobile Policies Mobile device governance Employees using their own mobile devices are a growing challenge Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies Mobile security policies Defining your mobile security policy Government regulations and mobile security policies Navigating platforms for mobile applications and devices, with expert Craig Mathias Mobile security policies: Why a policy is important Mobile device security: Auditing the airwaves Managing Mobile Users Employees using their own mobile devices are a growing challenge Hospital chain boosts indoor cellular with distributed antenna system DiVitas adds mobile unified communications to its FMC client iPhone Help: Troubleshooting the top five enterprise problems Mobility support and strategy are finally priorities in 2008 User experience, not hardware, is the problem Latest Zenprise offering helps automate BlackBerry support Managing mobile workers Mobile worker strategies Mobile user management: Mobile employees and team-building

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary battery  (SearchMobileComputing.com) enterprise-mobile integration  (SearchMobileComputing.com) Galileo  (SearchMobileComputing.com) GPS messaging  (SearchMobileComputing.com) Microsoft System Center Mobile Device Manager (MSCMDM)  (SearchMobileComputing.com) mobile VPN  (SearchMobileComputing.com) Mobitex  (SearchMobileComputing.com) push voice  (SearchMobileComputing.com) roaming service  (SearchMobileComputing.com) telecommuting  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

erwise private network and applications therein.

Additionally, many mobile devices now support multiple wireless interfaces, creating new attack vectors. Mobile phones with Bluetooth can be "BlueBugged" (used by an attacker to place calls) or "BlueSnarfed" (accessed to retrieve contacts and calendars). Cradled PDAs can become Wi-Fi bridges into corporate networks. When used correctly, wireless interfaces can aid productivity, but safeguards are needed to prevent misuse or attack.

Security policy
To manage these risks, companies need to define which mobile devices are allowed and under what conditions. They should place limits on network and application access, and on business data storage and transfer. Security measures and practices should be required, and processes defined to monitor and enforce compliance.

These decisions should be documented in a mobile device security policy -- a formal statement of the rules by which mobile devices must abide when accessing business systems and data. Such policies may include the following sections: About the author
Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also the guest instructor for SearchNetworking.com's Wireless Security Lunchtime Learning.

Rate this Tip To rate tips, you must be a member of SearchMobileComputing.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.