Few things in mobile are more difficult to do well than security.
No two security rules or approaches are alike, making it very easy to overlook something, which can turn into a data breach. IT must know the most common security mistakes found in mobile and how to avoid them.
Don't make security an afterthought
In many organizations, IT security teams are often synonymous with telling people what they cannot do, and enacting cryptic password policies that result in the "Post-it password." So what do people do? They ignore mobile security tips because they see them as a nuisance, preventing them from getting their work done.
When building applications, companies sometimes go to the security team for a final OK right before rollout, and chances are that the team will say no, which delays deployment. Best-in-class organizations involve their security teams right from the start and build security into the entire development process.
Don't assume perimeter protection is enough
IT used to be taught that the best way to secure your network is to build a giant moat around it and let very few trusted people inside of it. The problem? The perimeter-defense approach assumes employees are inside the network, and that is in direct contrast to what mobile is all about.
Today's mobile-first world requires a multi-tiered security approach, with the focus on the data itself. At the device level, companies should use an enterprise mobility management suite as a bare minimum to protect devices. Businesses also must protect the applications themselves. Multifactor authentication is very common now, but is not required; sometimes even just a username and password or biometric marker is enough. IT needs to protect the data, both at rest on the device and in motion when accessed by the application.
Pay attention to privacy regulations
In mobile security, the rules change from continent to continent. Europe is particularly known for its stringent privacy rules, preventing organizations from collecting or using any personally identifiable data. All data and reporting must be anonymized and discussed with the local unions or worker councils. The recent Privacy Shield legislation has made the use of American-based cloud tools safe for storing European data, but it does not replace the personal data protection laws that exist in many European countries. To manage this, many global organizations create different geographically driven profiles to collect and use data where it's permissible.
Don't overdo it
With this combination of mobile security tips comes the danger of overkill. While security is of paramount importance, there is such a thing as too much. Mobility is about convenience and flexibility; if there are too many mobile security measures within the mobile management or application development policies, the result will be a shiny system or application that nobody uses.
Successful organizations strike a balance between security and usability. They include IT, human resources, legal, security, the help desk and the target user base in their project planning. The groups should work together to develop their minimum security needs, maximum security wants and usability guidelines.
There is no silver bullet approach, as each organization and each application audience is different. For the greatest chance of success, take an "everything in moderation" mentality to mobile security tips. This approach provides secure applications while honoring one of the founding principles of mobile -- the need to get information fast and by nontraditional methods.