Access to corporate data must be secure while remaining easily accessible. Remote tools and technologies, such as OTA (over-the-air) virus protection distribution and upgrades, are effective ways to support a mobile workforce.
More employees are using their mobile devices for work. While organizations can lock down organization-owned mobile devices with policies and established technologies such as BlackBerry Enterprise Server, personally owned mobile devices require a new framework and policy structure.
Organizations must shift their security thinking, develop new policies and implement technologies that maintain enterprise security without degrading the experience that users value in these devices.
Personal mobile devices are easy to lose and for thieves to steal - along with all the sensitive enterprise data on them. Threats of mobile malware and malicious mobile applications are real.
Several security methods may be applied to ensure company documents and mobile devices stayed protected.
By applying data encryption devices can be secured against security breaches if ever lost or stolen.
Device-based security technologies such as password-based entry, remote lock/wipe, and built-in encryption may satisfy security requirements for some organizations. But for more-regulated industries or companies that handle sensitive data, a higher level of security assurance is needed.
Mobile technology vendors with good security platforms include: AirWatch, Citrix Systems, Good Technology, McAfee, MobileIron, and Sybase.
Organizations that want to allow employees to use their personal devices in the workplace must have a mobile policy. The first step is creating and executing organization rules for personally owned mobile devices.
Here are some simple suggested rules to start a mobile policy:
- Employees must use password-based entry and locking features.
- IT reserves the right to manage any mobile device with access to corporate data, including those that are personally owned.
- The organization reserves the right to monitor the activity of personal mobile devices when they are in the company network.
- The organization has the right to restrict access to confidential data if necessary.
- Employees should follow Internet acceptable use policies while in the corporate environment.
- The company isn’t responsible for damage to personal content due to corporate management functions imposed on the device.
- The organization can disable any mobile device access to corporate resources at any time deemed necessary.
- Users must inform IT if the device is lost or stolen.
- If the device is stolen or the employee leaves the company, the IT department should be able to wipe company data from it remotely.