The tricky balancing act of mobile security

Your workers' smartphones could be the weakest link in your security plan. Here's how to protect the devices and secure the data.

The march toward mobility at Scotiabank is pretty typical: first laptops to enable alternative work arrangements for employees, now smartphones and tablets to give workers anywhere access to information.

The Toronto-based bank, with 83,000 employees worldwide, deployed company-owned BlackBerries several years ago to personnel who require them to do their jobs more effectively, and has since asked select staffers and IT support people to pilot other smartphone brands as well.

The approach to securing those mobile devices is typical, too. The bank uses BlackBerry Enterprise Service mobile device management (MDM) software. It also requires employees to sign statements saying that they agree to let IT erase data from devices that are lost or stolen, and to take control of devices if there's a legal investigation, says Greg Thompson, vice president of enterprise security services and deputy chief information security officer at Scotiabank.

But as both the demand for mobility and the bring-your-own-device (BYOD) trend grow, so does the need for more advanced mobile security policies, procedures and technologies, says Thompson, who is a member of the board of the International Information Systems Security Certification Consortium, or ISC2, a nonprofit IT security professional organization.

The challenge, as Thompson and others see it, is allowing workers access to the information they need when they need it without compromising the data or the IT infrastructure.

On its face, that's not much different from what IT departments have been doing for decades, first with desktops and then with laptops.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon