- Where do I start when securing mobile devices?
- Who is responsible for device security?
- What security do mobile devices need?
- For the mobile devices I do need, isn’t password protection sufficient?
- So how do I secure the data itself?
- How do I manage passwords and encryption across the devices?
- I can’t find sufficient security tools for PDAs, smart phones and so on. So how do I handle them?
- Are there other risks I should watch out for?
- What does mobile security cost to implement?
Usually you can manage laptops using the same network, asset and client management tools that you should already be using to manage and secure your PCs. The key is to ensure these tools support disconnected users, keeping the last set of protections and policies in place on the device when it is not connected to the network, then updating any policies, malware signatures and required password updates before a mobile user can connect to enterprise systems such as e-mail and file servers.
It’s harder to manage other mobile devices, since their wide variety has made it difficult for security and management vendors to cover all the possible bases. Some management products come with add-ons for select mobile devices, while in other cases you will need to have separate management tools in place. It’s best to see if you can extend your current management suite to cover your mobile devices, perhaps through custom extensions, rather than introduce new management tools that increase training, support and management complexity.
Research in Motion’s BlackBerry offers a complete set of handheld security features: full-disk encryption, e-mail encryption, and remote management features such as the ability for IT to wipe out the contents of a stolen or lost device. Devices using Microsoft’s Windows Mobile operating system have an array of products available to enforce passwords and synchronisation control from vendors such as Bluefire Security Technologies, Hewlett-Packard and Symbol Technologies. Note that Windows-based smart phones sometimes can’t run these tools because they don’t have sufficient hardware resources. Newer Palm devices, such as the Tungsten C, support whole-disk encryption and strong passwords, but older models typically have little to no security. Credant Systems, Palm and Trust Digital are among the providers of Palm-oriented device security tools.
I can’t find sufficient security tools for PDAs, smart phones and so on. So how do I handle them?
The available technology for devices other than laptops is often insufficient to assure security. One reason is that PDAs and smart phones typically don’t have the horsepower or memory to run whole-disk encryption. Another is lack of attention to mechanisms such as enforced password protection in PDAs, smart phones and other handhelds. Even when the devices have the hardware and operating support for enterprise-class security, the large variety of devices and operating systems has made it hard for vendors to cost-justify developing security tools for any specific hardware/operating system combination.
Therefore, many devices simply cannot be secured. In those cases, you should ban them from your network or restrict them to the same information you would make publicly available, such as in a lobby wireless LAN for visitors.