|
 |
|
General Information
|
Add To My Personal Library |
November 28, 2008
• Vol.30 Issue 48
Page(s) 9 in print issue
|
Mobile Phones Invade The Enterprise
What Your Enterprise Needs To Know To Prepare For iPhones, Sidekicks & More
|
Jump to first occurrence of: [WEISMAN]
| Key Points
• You are not required to provide equal levels of support for every smart device.
• Make sure you have a security plan in place that addresses email access, Web browsing, and application downloads.
• Regardless of ownership, you need to be able to remotely wipe any lost or stolen smartphone. | | Back in late 2004, Samsung released a mobile phone with a 5MP camera to the Korean market. When asked why this same phone wasn’t released in the United States, Mike Goodman, then a Yankee Group senior analyst, said that people in the United States don’t use their mobile phones for much more than talking and for text messaging. “Video is far off. Online banking is very far off,” Goodman said.
How times have changed. BlackBerry has been providing push email and Web browsing for many enterprises for some time now, and according to research firm NPD, Apple’s iPhone 3G was the top-selling handset in the U.S. market during the third quarter of this year, outselling even Motorola’s seemingly ubiquitous RAZR.
Not surprisingly, more and more enterprise employees are using smartphones to do the work that laptops did only a few years ago. But unlike laptops, which are often issued by the organization, these employees typically want their iPhones, Sidekicks, and BlackBerrys to bridge the gap between personal life and business. It’s common to see an iPhone, for example, accessing an Exchange mail server while its user listens to music via iTunes.
 However, it goes without saying that you probably aren’t comfortable with iTunes distributing applications to your iPhone-carrying employees, and you probably don’t want to have to allocate IT resources to support every latest and greatest device out there. So, short of banning these devices (and good luck telling your C-level executives that they can’t use the smartphone of their choice), what things can you do to handle the onslaught of all these smart devices?
 Varying Levels Of Support
No hard-and-fast rule exists requiring you to provide equal support for every smartphone. Tom Cross, mobile security expert at IBM’s X-Force security research organization (www.ibm.com), says that smartphones don’t need access to every endpoint on your intranet, nor do they need the same access that laptops have. “If you have the means to provide a more constrained firewall rule for mobile devices that limits their intranet access to services that you would reasonably want to use from a phone, then that’s one less thing you have to worry about,” Cross says.
Ahmed Datoo, vice president of marketing at mobile security solutions provider Zenprise (www.zenprise.com), says you might consider offering varying support levels for each device. “If you buy the standard enterprise-supported platform—let’s say it’s BlackBerry—you’ll get full support, but if you decide to deviate from that standard and buy something else, we’re going limit your ability to download applications from this device,” Datoo says.
Also, Datoo points out that Microsoft Exchange is set by default to allow any mobile device to configure and retrieve mailboxes on the corporate network. IT can set Exchange so that this access is restricted, requiring users to petition IT for access—and providing IT with greater control over the devices that connect to the network.
Securing Email & Web Browsing
According to Dr. Paul Judge, CTO and co-founder of SaaS security solutions provider Purewire (www.purewire.com), email and Web browsing are the two primary areas that IT needs to secure before letting smartphones have access to the network.
Email security is fairly clear-cut because incoming and outgoing email must first pass through your company’s mail server. “The nature and design of email allows you to [secure email] in a centralized manner,” Judge says. Standards such as SMTP help in monitoring emails for spam and viruses, he says.
Web browsing requires more effort on the part of IT, Judge says. By default, a mobile device doesn’t have to come back through the enterprise to reach the Web, and so users have the potential to visit any site and download malicious programs. Judge suggests two possible approaches. You can install security software directly on the mobile device so that it is secure at the endpoint. Alternatively, you can access processing and security analysis in a cloud-computing environment, so that the computer-intensive processing doesn’t have to happen on the smart device. “The mobile device can point outbound traffic to the cloud, and all the filtering and analysis happens in the data centers,” says Judge.
Passwords & Remote Access
IBM's Cross recommends enforcing a strong password policy. "If you enforce a strong password policy that requires people to unlock their phones before they access email, that's something that can be helpful to you when, inevitably, one of these phones disappears, and you have to decide what the implications are,” Cross says. Many smartphones allow you to enable certain functions without a password while requiring passwords to access email or logging on to the corporate network.
In addition, Cross says it’s crucial to establish a procedure for remotely wiping a smart device should it get lost or stolen. “If you don’t establish this process in advance, then it may take some time before you get notified that the device has been lost, and that increases the exposure window,” Cross says. “In addition, when the employee’s phone disappears, they’re probably going to want another one, and so that’s the place where you can start the process of replacing it.” 
by Robyn Weisman
What To Do
You can support BlackBerrys, iPhones, and other smartphones within your SME, provided you have a reasonable plan of action in place.
First off, don’t feel obligated to provide identical levels of support for every device. If you have a BlackBerry server in your data center, for example, it makes sense to reward your BlackBerry users with more functionality than, say, your iPhone users.
Next, secure the two major threat avenues for smart devices: email and Web browsing. You can do so by securing endpoints, employing automation, and putting your security muscle in the cloud. Outsourcing mobile security is often a great way for SMEs to tackle the problem.
Finally, establish a procedure for when a smartphone is inevitably lost or stolen, regardless of whether the smartphone is employee-owned or company-owned. Employees are motivated to follow these policies when they offer a means for them to replace their devices and again have the ability to access the corporate network in a timely manner. |
|
|
