Enterprise Mobile Device Security – Part 3
Having covered the software side of enterprise mobile device security in Parts 1 & 2, this blog will cover the hardware options to make your device and data secure.
You may be thinking, “Adding an SSL or mobile VPN and device management software seems expensive, so why not cut out the data over the air and just use local Wi-Fi or docked Ethernet when in the office?” Limiting data transfer to within the four walls makes it very difficult for “eavesdroppers” to listen in. Jobs for the day can be synchronized to the device overnight, the user can complete the jobs throughout the day and then return the unit to a cradle when the shift has finished.
This obviously limits what the mobile system can do. No new jobs can be sent to the user, jobs cannot be changed or assigned to a different user, there is no remote support or monitoring, and no results are sent back in real time, so orders cannot be processed until the next working day. Overall, when going mobile, the pros of using a secure connection and device management outweigh the cons.
With hardware, how can a login confirm the user is physically present? Using a biometric fingerprint scanner is one option. The user slides their finger over the scanner, and the print is confirmed against the device or against the backend server. It makes the device very secure, as only that specific user can log in. The application can also ask for a user name and password if the fingerprint scanner becomes damaged or too dirty. You will find a biometric scanner on some laptops and rugged PDAs such as the Motorola ES400, or as an attachment for the MC75a.
Instead of fingerprint sensors, an alternative option is a smart card. Just as a security card is used to gain access through a door, a user can touch a smart card to a sensor. The card can then be validated over the network and the user granted access. The issue with this is that a user can still lose the card. If this option is available for your chosen device, such as a rugged handheld, the initial purchase and card replacements will not be cheap, though.
The last hardware piece to cover is a TPM (Trusted Platform Module). These chips are installed on the motherboard and store certificates and passwords, but primarily encryption keys. The threat of hacking (via software or accessible hardware) or physical device theft is reduced, and device authentication must pass via this chip. Currently, these chips are only found in desktops, laptops like the XRW, and tablets, but they could be installed in all devices.
So in three parts we have looked at device security out of the box, the potential problems if a device is not secure, and the options available to further secure your device, data and network.
Key point: Think about mobile device security in the planning stage and before your project gets off the ground!