Mobile security policies: Why a policy is important

Security, unfortunately, is one area where IT professionals are never "done." I work on plans for network installations and upgrades all the time, and we eventually wind up with a list of required equipment, a cutover/migration plan, an operational plan and similar documents covering user training, help desk and other support, and on and on. And, of course, a security plan is always part of the process. But whereas almost all of the installed elements can at some point be declared to be operational and finished for a particular cycle (subject to occasional updates, bug fixes and revisions), security is so critical a component that, in all but the smallest organizations, it requires near-continuous attention. Come to think of it, even small companies should have a good security plan and set of procedures in place, with regular reviews, even if nothing seems to be amiss. As I said, this is the one area where you are never done.

I occasionally give talks on information security, and I love to ask the audience how many of them have never been hit by a security breach or other security-related problem. They almost all raise their hands, and then I lower the boom -- how do they know?

The fact is that information and network security are usually compromised without anyone knowing, at least right away, that anything has occurred, and -- compounding the problem -- there is often no process or set of procedures in place to deal with the problem once it is identified. Knowing security has been compromised is one thing; not knowing what to do about this situation is perhaps even worse. And when sensitive information is in mobile devices that could literally be anywhere -- including lost -- the value of up-front planning becomes very clear indeed.

Everyone will agree that information and network security are important, but the biggest push-backs I get when talking about security relate to two factors: cost and convenience. It is possible t...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Security Mobile security threats Two-factor authentication: Mobile security at your fingertips Securing your Windows Mobile devices In-the-cloud defenses for mobile malware On-device defenses for mobile malware Is malware coming to a smartphone near you? Protecting data on your BlackBerry Defining your mobile security policy Government regulations and mobile security policies Symbian: Protect your data, not just your device Mobile Policies and Procedures Securing corporate data on your laptops Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies Mobile security: Asserting control over mobile devices Mobile security culture starts at the top Detecting rogue mobile devices on your network Mobile security policies Defining your mobile security policy Government regulations and mobile security policies BlackBerry usage policy and agreement Mobile Policies Mobile device management strategy for diverse mobile devices Mobile device management checklist Future proofing mobile device management Managing mobile device diversity Ensuring mobile data protection for smartphones is critical Mobile device management: What can it do for your organization? Mobile device governance Employees using their own mobile devices are a growing challenge Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

o spend vast sums on security, and this is often justified – as with government and military networks -- but the commercial world has two specific security threats, and one of them is usually minor: the casual hacker. These folks have way too much time on their hands, and this is manifested in the need to cause mischief or obtain bragging rights among the like-minded, or simply in a pathological need for Internet access. But though the casual hacker seldom causes a major meltdown -- and indeed, helps to keep a focus on the need for security in the first place -- the other threat, the professional information thief, is and must always be a major concern.

Driven by profit, these nefarious individuals have detailed technical knowledge of networks and understand and often develop the techniques for cracking nets with a high degree of effectiveness and stealth. Information is often long-gone before their tracks -- if any -- are discovered. But let's be fair: What are the chances of getting hit by one of these guys? Should those vast sums be spent simply in anticipation of an attack that may never come? And with that expense comes the second push-back -- inconvenience. There is little doubt that security measures can and often do affect productivity and create additional support costs. Security solutions that are hard to use are often counterproductive -- users just write down difficult-to-remember passwords or otherwise leave mobile devices unlocked. All that expense can indeed be wasted in such situations.

But, based on the theory that if you don't know where you're going, any road will take you there, it is best -- despite the obvious urgency and criticality involved (to say nothing of increasingly strict regulatory requirements) -- to take a deep breath and start with a plan to tackle your particular security challenge. And this plan begins not with a purchase but with a document -- the development of an enterprise security policy. We'll cover the contents of a security policy next time.

About the author: Craig Mathias is a principal with Farpoint Group, an advisory firm, based in Ashland, Mass., specializing in wireless networking and mobile computing. The firm works with manufacturers, enterprises, carriers, government, and the financial community on all aspects of wireless and mobile. He can be reached at craig@farpointgroup.com.

Rate this Tip To rate tips, you must be a member of SearchMobileComputing.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.