Where do you start with smartphone management?

Blackberry

There are a number of solutions that enable smartphone management and implementing the raft of security policies you will need to manage an estate of these new gadgets.

Typically the organisation will want to manage their smartphones as they would any other device or computer attaching to the corporate network or accessing corporate resources. The use of a single management suite that aggregates all types of devices under one central tool is probably the best approach, if you can find one that meets your requirements.

Will you permit users to use their own devices to access your systems? If so, will you permit all devices or only those that have been checked as secure by your security team? Users also need to be aware that if they are using their own devices to access corporate data then their devices may be seized for examination if there is an incident or data discovery requirement. This may deter some using their own devices to access corporate data.

You will then need to consider the use of apps and how, or if, these will be downloaded. After all, how can you be certain the apps that users download will not break your systems or introduce malware? These apps need to be policed. Finally, don’t forget to update your organisational information security policy to take into account use of mobile devices.

The solution(s)

There are a number of third party solutions emerging to the problem of smartphone security. I have categorised them as follows:

  • End user smartphone security. This is the provision of security products that a user can install on their smartphone to deliver a degree of protection. Typically it will comprise anti-malware and anti-virus products similar to those found on desktop PCs
  • Smartphone management. These tools enable an estate of smartphones to be centrally managed. Typically this solution would be used in a large organisation.
  • Voice security. A neglected area of smartphone security. Due to the design of the mobile phone network smartphones are at risk of voice interception. By installing and using a voice security product voice calls are encrypted.
  • Data Security. The increasing use of smartphones to access corporate data means that additional data security is often needed to protect the data.
  • Security Management for Network Operators. Increasingly, network operators are seeing an opportunity to sell additional security services to their premium customers.

Summary

Cast one’s mind forward 20 years and it boggles at the depth and breadth of attacks our mobile phones will be subject to. In the meantime, anyone that conducts sensitive business using a mobile phone should seriously consider implementing the preventative measures discussed in this presentation.

As more and more people use their mobile phones to run their entire lives, hackers and others will focus their efforts on getting the information they need from these devices. In many respects attitudes towards mobile phone data security reflect those held 20 years ago towards the humble personal computer. Back then attacks were minimal, anti-malware was yet to become established and hacking was in its infancy. Now we are in a maelstrom of attacks against the PC using sophistication and scale we previously thought impossible.

Nigel Stanley is a specialist in business technology and IT security and now heads up Bloor Research's IT Security practice. For a number of years Nigel was technical director of a leading UK Microsoft partner where he lead a team of consultants and engineers providing secure business IT solutions. He has written three books on database and development technologies including Microsoft .NET. Nigel is a member of the Institution of Engineering and Technology, the British Computer Society and the Institute of Directors.