Enterprise Mobile Device Security – Part 1
The level of security required very much depends on the type of application you are running and the confidentiality of the data. So out of the box what enterprise mobile device security can you expect?
As standard a device can use a PIN code, password or pattern to unlock. Some require a simply swipe of the screen. But these are not set off the shelf. Users/Admin have to setup up the PIN/Password. If the device is lost/stolen the data can be accessed instantly.
Tablets PC’s with Windows 7/8 have the ability to easily add another PIN/password in the BIOS start-up.
If the user must set their own PIN this can create another issue for BYOD Bring Your Own Device deployments. What if the user hasn’t set a PIN and the phone is constantly unlocked? Does the application require a password? Does the application lock after X minutes on standby?
Using an application which can lock automatically after X minute standby is a very useful feature. Not only does it stop prying eyes and keeps confidential data safe, it also means if lost/stolen the thief can’t complete bogus work orders, delete/add/edit or steal customer data etc. It also stops application being opened accidentally, buttons tapped or emergency services accidentally dialed while in the users pocket.
Where is the data held, and is the data encrypted? A feature of Windows Mobile 6.5 is an application to quickly encrypt the SD card. This prevents data from being read if removed and inserted into a PC. This is not the case on Android.
If an application is accessed over the Internet this removes the need for some device security as long as the web application requires a log in each time it is accessed.
Key Point; These methods of locking down a device are VERY basic and there are still vulnerabilities to the device and data. Remember that it is the data your worker is carrying around that has the value not the unit itself. What happens when a device IS stolen? How to track a device or kill a device? What about the highly sensitive data being transferred over the Internet? Remote control of a device? Secure Logins using Active Directory or Smart Cards and Biometrics?
Tune in for Part 2 next week.