Enterprise Mobile Device Security – Part 2
Enterprise Mobile Device Security Part 1 covered the basics of locking down a device using the built-in features. These are a good start to locking down a device and its applications, but more can be done to ensure device and data integrity.
A mobile application normally requires a login, ideally with an admin console back in the office where the passwords can be easily controlled by an administrator. Linking the password to Active Directory is another security feature some applications can use, meaning the credentials will be confirmed against the business network.
This means password policies can be enforced, and the user needs only one login to access the network from a PC or mobile device.
Passing login data and other sensitive data over the Internet in plain text is never a wise option. “Eavesdroppers” can essentially pick out the data travelling from the device to the server. The quickest and cheapest option is to add an SSL (Secure Sockets Layer) certificate on the server. This certificate provides encryption (usually 128-bit encryption and above), meaning only the device and server can decrypt the data. An SSL certificate is also recommended when using web applications. You’ll commonly see an SSL certificate when entering payment details for online shopping.
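As an added illustration (not part of the original article), this Python sketch shows the client side of the same idea using the standard `ssl` module: the server certificate must verify, and nothing below the 128-bit floor is accepted. TLS is the current successor to SSL; the function names and the sample sessions are constructed for this example.

```python
import ssl

MIN_BITS = 128  # the "128-bit encryption and above" floor from the text
ALLOWED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")


def build_client_context(min_bits=MIN_BITS):
    """TLS context for an app client: verified certificate, strong suites only."""
    ctx = ssl.create_default_context()            # system CA store, verification on
    ctx.check_hostname = True                     # certificate must match the server name
    ctx.verify_mode = ssl.CERT_REQUIRED           # refuse servers without a valid certificate
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / TLS 1.1
    # TLS 1.3 suites are configured separately by OpenSSL and are all >= 128-bit,
    # so only the pre-1.3 suite list is filtered here.
    strong = [c["name"] for c in ctx.get_ciphers()
              if c["protocol"] != "TLSv1.3" and c["strength_bits"] >= min_bits]
    ctx.set_ciphers(":".join(strong))
    return ctx


def weak_suites(ctx, min_bits=MIN_BITS):
    """Names of enabled suites that fall below the key-strength floor."""
    return [c["name"] for c in ctx.get_ciphers() if c["strength_bits"] < min_bits]


def audit_session(cipher, min_bits=MIN_BITS):
    """Check a (name, protocol, secret_bits) tuple as returned by SSLSocket.cipher()."""
    name, protocol, bits = cipher
    problems = []
    if protocol not in ALLOWED_PROTOCOLS:
        problems.append(f"{name}: protocol {protocol} is obsolete")
    if bits < min_bits:
        problems.append(f"{name}: {bits}-bit key is below the {min_bits}-bit floor")
    return problems


if __name__ == "__main__":
    ctx = build_client_context()
    print("weak suites still enabled:", weak_suites(ctx))
    # Constructed sample sessions, not captured from a real server.
    for session in [("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256),
                    ("DES-CBC3-SHA", "TLSv1.2", 112),
                    ("EXP-RC4-MD5", "SSLv3", 40)]:
        print(session, "->", audit_session(session) or "ok")
```

In a real client the context would be passed to the HTTPS or socket library in use, and `audit_session` would be called on the connected socket's `cipher()` result.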
A step above SSL is to use a Mobile VPN. There are quite a few Mobile VPNs available from service providers, and also as software to purchase. An example is Mobility XE. Software such as this gives remote workers secure and robust access to network resources. They offer FIPS 140-2 (Federal Information Processing Standard Publication 140-2) encryption, which is a US government standard for non-classified information. Needless to say, it is highly secure with very strong encryption levels. This level of encryption is becoming more and more popular with large organisations and local government.
When the communications are secure, the next step is to lock down and control a device. There are a few different options for this. The first is a simple lock-down tool on the device: the master device is locked down, allowing access to specific applications and settings such as Bluetooth settings. This master file can then be deployed to the rest of the device pool. The next level above this, and a method of mass file deployment, is a device management platform. SOTI MobiControl is a very popular product for just this.
MobiControl has lots of enterprise mobile device security features, including configurable device lock-down, remote control and help desk, location tracking, file and software deployment, allowing or denying access to resources, enforcing security policies and, importantly, managing a number of differing OS devices in the same pool, and killing the device if stolen. Killing the device means it becomes inoperable by the thief.
Limiting and allowing access to specific websites can also increase productivity if the user cannot surf the web or access games on the device. There are other similar offerings, but SOTI is probably the most popular now, especially as Motorola now recommend SOTI as the remote management tool of choice.
Some application software can provide lockdown and remote control out of the box, but it very much depends on how many units the customer has and the level of remote support/control the customer wants to provide its users.
There are many software solutions for security, of which the more popular have been covered. Security of your data is down to the customer and the sensitivity of the data. The more sensitive the data, or desirable to a third party you feel it is, the more secure the data should be.
The final part in this series next week will look at security hardware for your mobile device.
Do not get spooked by potential enterprise mobile device security problems; call us to discuss how we can help your project to address your key business issues.