From possibly causing cancer to posing a major security risk to the enterprise, the smartphone just can’t cut a break. The truth is, smartphones are here to stay, especially in the enterprise. Like many other IT versus the world conflicts, the solution isn’t a yes or no policy to their usage, but a set of security policies and guidelines just like with any other technology adapted by the enterprise. Smartphone security and encryption can be a tricky road to navigate, so take a few things under consideration before deciding.
Assessing the Situation
Like any other policy, there are several factors that go into the crafting of mobile security. Here are a few points to consider when discussing options amongst your team:
- Rather than looking for the cheapest (or the free-est) application available, assess your company’s mobile encryption needs before beginning the search. Minimizing time wasted will minimize the frustration and loss when incorporating mobile phone security into corporate policy. If you need support for multiple smartphone operating systems, start your search with that detail.
- Part of your assessment should include your enterprise’s primary security focus and needs. Whether you need the option of remote data-wiping or authentication, knowing these details ahead of time will help to increase efficiency.
- Once you’ve decided the features your users and data need, you need to allocate some of your security budget to ensuring the data on and accessed by these smartphones is secure.
- Just like endpoint security has lowered the risk of laptops remotely accessing networks, smartphone encryption software can help you adapt to the changing nature of the enterprise. To better ensure the smooth incorporation of these devices into your operations, you’ll need to incorporate them into the in-place central management system. Treat mobile devices as normal factors in everyday operations (rather than a device sent solely to cause your headaches) and implement its use and security like any other enterprise-level product.
Some smartphone encryption options after the jump.
Understanding Your Options
Here are just a few options for smartphone security and encryption:
- Built-in smartphone encryption: This out-of-the-box encryption is rare and often lacking certain necessary features. The iPhone offers remote wipe capabilities in the case of loss or theft; though there’s not much else available for the platform. Apple’s insistence that the iPhone is enterprise-ready is continuously met with skepticism. The PalmOS has applications available, though it does not offer built-in encryption.
- Blackberry lovers: For those addicted to their Blackberry, they offer Blackberry Enterprise Server (BES), which includes local data file security, central management, and AES encryption on authentication passwords.
- Windows Mobile: AES 128-bit encryption for emails, tasks, calendar and a My Documents folder, with the option to enable this security on SD cards, which will then be unreadable on all other mobile phones.
- One Size Fits All: Smartphone Protection from GuardianEdge Technologies Inc. provides encryption and central security management for iPhones, Windows Mobile and Palm.
One of the most important parts of any policy is allowing for more efficient working conditions without compromising security. By exploring your options, you’ll be able to embrace the inevitable adoption of newer technologies while minimizing the anxiety of new threats and vulnerabilities.