Security: Security should be front of mind
Recent Gauteng Business News
Since smartphones are personal in nature, they can go everywhere your users go. This means that there is a good chance that some of these devices are going to be lost, stolen or left behind. It is imperative that any mobile solution an organisation deploys does not expose corporate or personal information, even if the physical device gets into the wrong hands.
Organisations that are implementing mobile and wireless solutions should have three issues at the top of their minds. Firstly, they need to protect the information that is sent outside of their networks. They also need the ability to apply their corporate security policies to the way that mobile devices are used. Finally, they must ensure that they comply with the various laws and regulations that govern information security and privacy in their businesses.
One of the first things an enterprise should look for in a mobility solution is robust security and protection for data in transit. The BlackBerry Enterprise Solution, for example, uses strong encryption that has been validated by various security standards bodies, such as the Federal Information Processing Standards (FIPS) program run by the National Institute of Standards and Technology (NIST) in the US, and the Communications Security Establishment (CSE) in Canada.
The handset has a built-in firewall to prevent unauthorised connections and filter inbound traffic. S/MIME and PGP are supported for secure messaging, and smartcards can be used to provide two-factor authentication to the smartphone.
Since mobile devices are now able to store a wealth of information on local storage media, it is also important to look for a solution that can secure data on the device itself. With the BlackBerry Enterprise Solution, there is built-in functionality to encrypt all of the user data stored on BlackBerry smartphones.
Remote management is a key feature of a truly secure mobile solution.
Administrators need to be able to manage all aspects of the mobile device their end-users are carrying, from password policies to authorising which third party applications can run on the handset. The BlackBerry Enterprise Server software has more than 400 policies that administrators can set, giving them full control of a BlackBerry smartphone.
These flexible IT policies let you map your organisation's security and acceptable-use policies to your BlackBerry users so you can make decisions that are right for your organisation. For example, administrators can set policies for 4 character passwords or 15 character passwords that have alpha, numeric and special characters. You can configure a policy for locking the handset after a period of inactivity. Setting these two policies at least "locks the front door" by protecting a BlackBerry smartphone from unauthorised access.
One could put a policy in place that if a password is inputted incorrectly too many times, all of the data on the handset will be erased. If the information is extremely sensitive, then an organisation can turn on content protection so that the data is stored in encrypted form.
The next step is allowing IT to have some remote capabilities. The BlackBerry Enterprise Server gives IT the ability to remotely lock a device in the event that it is lost or stolen and not password-protected. If needed, they can go a step further and send a command to remotely wipe the data from the smartphone.
At the core, the BlackBerry Enterprise Solution is an extension of an existing mail server. This means that all of the email, tasks, notes, calendaring and contact information are already retained as part of existing policies applied to the server.
Since all other transactions, including activity such as peer-to-peer messages, phone calls and text messages, can be logged at the server, enterprise customers can leverage existing data retention policies to meet their needs. An important advantage for organisations using the BlackBerry platform is that even with BlackBerry smartphone users being out of the office and not connected to the corporate network, all transactions can be wirelessly logged and synchronised back to a central server for auditing purposes.
Enterprises should choose mobile solutions that have effective security features that ensure that mobile devices are used in a controlled manner since these devices often bear sensitive information, have access to corporate applications and play central part in business processes.
Organisations need to ensure that mobile users access only corporate applications and services that do not compromise data security, and that devices that are lost or stolen cannot turn into security threats. A standardised platform that allows for centralised, remote management of devices and policies is the best way of achieving those goals.
Business News Sector Tags: | Security|