Considering the mobile VDI approach to secure corporate data

One way to help secure corporate data on mobile devices is to not store data directly on the device in the first place.

Technologies like secure containers and mobile information management deal with the problems associated with corporate information stored on mobile devices. The other approach to securing that information is not to store it on the device in the first place.

Some companies have taken to virtual desktop infrastructure (VDI) systems from the likes of VMware and Citrix to address mobile security. Both vendors offer clients that run on smartphones and tablets, though given the screen-size requirements, they are more often used on tablets.

The beauty of the VDI approach is that all of the corporate data remains in the cloud, and users get access to it over a secure connection. As the connection is secured all the way from the mobile device to the server, it can operate over cellular or even unsecured Wi-Fi networks.

When the session is ended, any sensitive data is erased from the device. The user will need a password or whatever other mechanisms the organization requires for access, but all of that can be administered from the server.

It is important to test how virtualized applications perform on mobile devices, since applications that were built primarily to work with a keyboard and mouse don't always deliver a good user experience on a touchscreen tablet.

Most organizations consider a mobile VDI approach only if they have already invested in one for their desktop/laptop environment. Zix Corp. has developed a VDI-like offering called ZixOne specifically to provide secure email, calendar and contacts to smartphones and tablets.

Rather than requiring organizations to invest in a full VDI infrastructure, Zix's approach is targeted at those that need basic capabilities on mobile devices and want to secure them without having to resort to MDM or other third-party tools. As with a full-blown VDI solution, when a user ends his email session, all of the corporate information is erased from the device.

Determining how to protect mobile data

Managing and securing mobile applications and data is a multifaceted endeavor. Given the range of exposures and the fact that their severity differs across the various mobile platforms, IT and security professionals must approach this issue with great care.

The good news is that the tools for managing security on mobile devices have improved greatly, and many can boast compliance with regulations such as Federal Information Processing Standard 140-2 and the Defense Information Systems Agency's Security Requirements Guide for mobile operating systems. These certifications are generally required only in government and some regulated industries, but they are a welcome security blanket for any organization concerned with MIM and security.

The challenge is to determine which security tools are the most appropriate for a given environment. The key is to have a mobility policy that specifies the requirements for information stored on mobile devices. An MDM system should enforce security policies.

Unless you have identified the security capabilities you need to enforce, you really can't shop for an enterprise mobility management system. Mobile policy development and management software selection are typically done in tandem because discussions with MDM suppliers often uncover security issues that should be addressed by the policy.

The move to BYOD was a wakeup call for mobile security because information security is a key IT responsibility -- regardless of whether the mobile device in question is company-provided or user-owned. Unless an organization opts for a solution that avoids storing corporate data on a mobile device, systems will be needed to protect that information.

Security professionals like to talk about "defense in depth." The bigger challenge in mobile security may be "defense in breadth," recognizing the number and diversity of devices to be addressed. The tools to accomplish that mission are available, so the challenge now shifts to selecting and implementing the most appropriate tools for your unique environment.
