Smartphones Need Smart Security

Yes, it's 'blue and plays music,' but that cute smartphone is also a serious computer that must be secured

Page 2 of 4

Despite all of the security risks, "two out of three organizations are struggling in terms of not only defining but enforcing IT and business policies around mobility," Winthrop says.

Girard concurs that companies have been slow to realize the implications of a phone-related data breach. "If clients do call and ask about phones, they're asking me to render an opinion that reduces their liability for employees using smartphones, [rather than] trying to do something to improve security," he says. "I'm waiting for the level of concern to grow up and match what exists for PCs."

And it should. Whether companies buy smartphones for employees or just allow their use, it's the company that's liable if data gets exposed, Winthrop says.

Technology to centrally secure and manage smartphones, whether via a third-party platform or from smartphone vendors themselves, does exist. Most analysts agree that, among smartphone vendors, BlackBerry maker Research In Motion Ltd. (RIM) and Microsoft Corp., with its latest version of Windows Mobile, provide the best management platforms.

For other devices -- or for companies that support phones from multiple vendors -- there are a variety of options, including management software from vendors such as Credant Technologies, Good Technology, Sybase, Trust Digital, Trend Micro and MobileIron, among others. Key capabilities offered by such platforms include centralized control of the following:

  • Password management.
  • Authentication authorization.
  • Strong encryption.
  • Inactivity timeout, in which users are logged out of an application session after a specified period of inactivity and are prompted for a password to restart.
  • Remote wiping of memory if a device is lost or stolen or if the user enters his authentication credentials incorrectly a given number of times.

Central control

At Robinson Lerer & Montgomery LLC, CIO Jeff Saper has approached the security challenge by standardizing on the BlackBerry, which is issued to all employees at the New York-based strategic communications firm. Saper uses several of the 450 wireless IT policies and commands provided by BlackBerry Enterprise Server. The firm has also used Good Technology's platform to handle Palm and Treo devices, but Saper turned exclusively to BlackBerries when he decided to keep things consistent on a single platform.

Security measures include inactivity timeouts after 10 minutes of nonuse, and remote wiping of the devices if there is any fear of data compromise following a loss or theft, or if the password is entered incorrectly more than 10 times. "Even if someone could hack the password, it's safe," Saper says.

Most important, he says, users can't disable any of the security functions.

With remote wiping, it's important that data is backed up to the BlackBerry server so that it can be restored, Saper says. He can restore message history too, because the server ties into Microsoft Exchange. Such backups can make clear what data is on a device and hence what would be vulnerable if the phone were stolen, Girard points out.

While other platforms can perform remote wipes, the BlackBerry server also provides confirmation that the wipe was accomplished, which would give a company a stronger position if a case involving a smartphone data breach ended up in court, he says. "If you can't prove you did the wipe, it doesn't sound good," he adds.
