J.A. “Bud” Younke, CDRP, MCSE, MCP, A+
With the proliferation of remote computing capabilities in non-standard form factors like smartphones and tablets, securing an organization’s data represents new challenges to the IT personnel tasked with data security. Data stored on many of these devices is not as easily identifiable as in the filesystem of standard computers making it tougher in many cases to determine that data exists on the device. It is often not necessary for a user to ‘click save’ in order for data to be stored on the mobile device.
Those responsible for securing this data must be aware of the capabilities of all devices which are permitted to connect to the network or any resources of the organization, such as email. Policies and controls should be implemented to restrict the types of devices which can connect, the method of that connection, and any requirements for the devices such as encryption, or virus protection.
A well thought out policy and user education are the most important tools in ensuring that a mobile device does not become a source of a data loss. The support of senior management in implementing and enforcing those policies is critical to the success of any effort to secure the mobile device computing space.
Basic questions to ask
1) What data should be available to mobile devices?
2) Will support be provided for personal devices or only for devices provided by the organization?
3) What devices will be supported and what capabilities of those devices will be implemented to achieve our goals
4) What controls can be put in place to ensure policies are followed?
As with any evolving technology, the use of mobile devices in an organization’s computing infrastructure can make it easier for the end users to perform their daily duties. The trade-off is the effort needed to ensure the data they need remains secure.