The Tidal Wave of Mobile Computing is Upon Us
The proliferation of mobile devices and the popularity of Bring Your Own Device (BYOD) programs are creating new security challenges for enterprises. Employees are buying their own mobile devices, bringing them to work, and using them to access both personal data and business data. Applications are expected to work not just over the Web but over the air. Data has never been easier to access and more difficult to secure.
Security attacks against consumer mobile devices are also expected to increase, now that these devices are storing and transmitting valuable business data. IBM expects the number of software exploits aimed at mobile devices to double this year. Meanwhile, industry regulators will continue to scrutinize enterprise networks, even though 73% of CIOs believe their mobile IT infrastructures are not yet secure enough to pass an audit (Gartner). (For more information about mobile security threats, see sidebar.)
How should executives make sense of these changes and challenges?
Mobile Policy Management: Details Still Matter
Mobile security solutions need to be detailed and flexible enough to let IT managers define and enforce policies that vary by position, department, geography, and security level. Policies should be able to restrict access to apps, files, and workspaces according to an employee’s role in the organization. Enterprises need mobile security policies that are as specific as the policies governing employees working on desktop computers and other in-house systems.
Mobile Device Management: Useful but Not Sufficient
Mobile Device Management (MDM) solutions enable IT organizations to provide over-the-air (OTA) updates of applications, configuration settings, and data to mobile devices, including smartphones and tablets.
As users work more frequently with digital video and graphics, file sizes are ballooning past the traditional 10MB file-size limit imposed by email. Users need an easy way to share files of all sizes with colleagues. File synchronization, which users can configure in a browser with no official IT intervention, seems to be the answer.
Managers can use MDM systems to control which mobile devices are granted access to internal resources. Should a mobile device be lost or stolen, IT managers can use MDM to erase the device remotely the next time it connects to the Internet. Leading MDM solutions include product offerings from BoxTone, Good Technology, and MobileIron.
MDM, however, does not provide the features needed for securely integrating flexible file-sharing practices in the field with existing file sync, storage and collaboration services provisioned in the office.
Security for Mobile Apps
One of the great things about mobile platforms such as Apple iOS and Google Android is all their custom applications (apps). However, apps are also one of the biggest threats to enterprise data security as there are literally hundreds of thousands of them.
In April 2011, Google had to remove 58 applications from the Google Android Marketplace after it was discovered that the apps contained rootkit malware. By then, the apps had been installed on over 260,000 devices. To ensure that the devices were safe, Google had to remotely wipe the devices clean, deleting all their data.
Users must be careful about what they download. Malware could infect a mobile device, leak data to hackers, infect systems on internal networks after a sync operation, and become a vector for a major internal malware attack.
An effective mobile security solution must include tools for limiting access to apps and ensuring that, once installed, they behave properly and pose no threat.
Putting It All Together: Secure Enterprise Content Mobility
Secure Enterprise Content Mobility brings the rules-based access controls, data encryption services, and reporting and logging associated with enterprise content management solutions to mobile devices. It gives users access to the business data they need, anywhere, any time, and on any device, including consumer devices such as iPhones, iPads and Android phones. Along with screening of devices and mobile apps, Enterprise Content Mobility provides an essential layer of security and control for enterprises with mobile users.
Best Practices for Secure Enterprise Content Mobility
To support Secure Enterprise Content Mobility, enterprises should think of devices, content, apps, and security. Here are some best practices:
Support More Devices
A Secure Enterprise Content Mobility solution should support whatever mix of mobile devices users are carrying. In organizations that have adopted BYOD policies, Apple iPhones and Android phones are replacing BlackBerrys, but all three platforms remain popular. In the course of a typical day, many employees use multiple devices running different operating systems, so supporting a single user might involve supporting both BlackBerry and iOS.
Support Better Content
When you’re on the road, getting a file and immediately understanding why it was revised and what sensitive issues it contains is invaluable. Secure workspaces that provide context for data make it easy for mobile users to track discussions and revisions of important files. Providing context eliminates the need for perfunctory back-and-forth communications, such as long email threads about document revisions. When employees can quickly find and understand the data they need, they become more productive.
For organizations using enterprise content systems such as Microsoft SharePoint or Autonomy iManage, it only makes sense to integrate them with new services that support mobile users.
Extend Mobile Security
Deploy a Secure Enterprise Content Mobility solution with dashboards and logging features that give administrators complete visibility and control over file-sharing activities and mobile access policies. Administrators should be able to enforce detailed access controls for individual files and for shared workspaces, going beyond the typical app and data security controls of MDM solutions. Files should be encrypted both at rest and in transit. File owners and administrators should be able to set expiration dates for files, so sensitive data isn’t left exposed on servers. A mobile content security solution should ensure that mobile access never jeopardizes data security or regulatory compliance.
Data on mobile devices needs to be secure, but mobile workers also need to be productive, communicating and collaborating with their co-workers and other peers. This often means exchanging sensitive data with partners, consultants, and even customers—users who are not likely to have accounts on an internal LDAP server. A mobile content security solution should support legitimate “cross-boundary” communication without turning mobile communications into a free-for-all.
Finally, the solution should include security and audit controls that support compliance with regulations such as GLBA, HIPAA, SOX, and emerging EU privacy legislation. Ease-of-use and employee productivity should never come at the expense of industry regulations and federal and state laws. Enterprises need to stay compliant while making life easier for their mobile employees.
By following these best practices for Secure Enterprise Content Mobility, you’ll give your mobile workers access to the critical business data they need, anywhere, any time, and on any authorized device, including tablets and smartphones. Enterprise Content Mobility provides an essential layer of security and control for mobile computing, ensuring that greater convenience and productivity never come at the expense of security.