Mobile devices can play a vital role in the effectiveness and efficiency of workflow; however, they can also pose a serious threat to the security of sensitive information. The beauty of mobile devices is just that; they are mobile. If you are running late, or are out of the office, you can still be productive in your work related tasks. On the other hand this is causing quite a bit of controversy among professionals working with and around sensitive information with regard to the security and integrity of the shared data. This is especially a concern in a ‘Bring Your Own Device’ (BYOD) environment.
Why Mobile Device Management is an IT Security Issue
Not long ago, IT Departments were only accountable for the network devices on the property of the organization, and perhaps a few laptops that traveled for the company. With the evolution of iOS and Android smart phones and tablets, users are now able to take applications, emails, and other data with them on their own devices. This poses a significant challenge for the IT staff. The fact that you are moving with the data means that the physical environment of the data changes frequently, but most importantly, the IT staff has reduced knowledge & control of the environment. Without the ability to know and control the environment, there is naturally no way to guarantee information security or integrity.
What Security Dangers Do Mobile Devices Pose?
As this “technological merger” has become more wide-spread there have been a host of IT security breaches that have validated the need for mobile device security. One of the biggest factors that play into the complication of the solution is that the devices are on the go. They constantly connect and disconnect from Wi-Fi networks, Bluetooth devices, and even email and data transfer. Many of them offer 3rd party programs and games that are poorly designed, not secure and may be used as access points by malicious data thieves. The risk of a breach of confidential information leaked from an unprotected mobile device is extremely high. Mobile devices alone account for slightly over 50% of all HIPAA data breaches.
What Is Needed For Superior Mobile Device Security?
Regardless of where the device is located or who purchased it, if it is being used for business purpose or has access to protected information, your organization has a responsibility to protect that data. This means all of these devices must comply with corporate policies and standards.
Many professionals have personal mobile devices to which they tend to place applications and email connections with little regard for security. Loricca recommends that an organization maintains control of all the mobile devices used for or with access to business data and networks. We also recommend that the IT Security Professionals responsible for these devices maintain full control of all software and functions of the devices remotely and secures these devices with proper encryption. This ensures that your organization can respond as quickly as possible to mitigate any security breach and void the mobile device and the information on it.
Encryption for Existing Mobile Devices
There are a number of new options to secure and encrypt your Android or iOS devices. One such option is the SOPHOS Mobile Control ® Suite and SOPHOS Mobile Encryption®. This application will partner with existing hardware to create a partition of the storage system. One partition will be dedicated offering encryption and security for all of the sensitive information; the other partition will be dedicated to “user space” for non sensitive data. Another key feature of the software is that it can be loaded onto existing phones with data already on them. You are not required to load it on a brand new phone.
Dell Data Protection: Mobile Edition is another security and encryption solution for mobile devices. The software fully integrates with Dell Data Protection Enterprise Platform. This allows IT to inspect, install or remove profiles, remove passwords, and remotely wipe devices. Policies and restrictions can easily be set or adjusted and pushed over-the-air to managed devices and the enterprise software offers compliance reporting as well.
These are just two of the many tools that offer remote management, encryption, and enforcement of policy, password strength and remote wipe in case of loss. Combine these security features and the end result is true enterprise management of all included mobile device partitions either on a local network or remotely.
What You Can Do to Protect Your Organization’s Sensitive Information on Mobile Devices
We would first recommend a Security Risk Assessment to map out and analyze the current security posture of your Mobile Device Management system/process. There needs to be an analysis of all devices, threats and vulnerabilities. Once there is a benchmark, or starting point your organization will be able to begin to move toward superior mobile device security.
If your organization is not using any of the above mentioned tactics and methods to protect your sensitive data, or if you would like to discuss your mobile security options, please CONTACT US today to begin the journey to superior mobile device security.