Tom Olzak


Ready for the Hordes? You’d Better Be…

In Access Controls, Business Continuity, Data Leak Prevention, Data Security, Mobile Device Security, Policies and Processes, Risk Management, Security Management on November 3, 2010 at 10:35

The battle rages as users fight to get their smartphones connected to your network.  As many have written, it is futile to fight against the hordes beating on your door.  So whether the user currently demanding access uses an iPhone, a BlackBerry, or an Android device, there are a few basic principles to follow before opening the gate.

First, make sure you can centrally manage all handheld devices that connect.  Yes, this includes user-owned devices.  If you allow them to connect to company email or the company’s internally facing WiFi network, then you have some additional rights.  The most basic of these is the right to wipe lost or stolen devices.  This also includes wiping any user-owned device in the possession of a departing employee.  They don’t get to take data along to the next employer…

RIM provides this in its enterprise server offering.  iPhone and Android phones are manageable via Microsoft Exchange.  It doesn’t matter how you do it, but put a policy in place, wrap some processes around it, and enforce central management across all devices–including those owned by C-level managers.  Yes, they lose their phones, too.

The other must-have security control is central policy management.  Again, if data for which you’re responsible is on a device, you have the responsibility to protect it.  So creating mandatory password or PIN policies is a necessary part of handheld device security.  No, your users won’t like this.  But, hey, it’s sensitive data.  They need to compromise a little.

Next, if you allow handhelds to connect to your network, you have to protect yourself from slowly emerging malware threats.  No, there aren’t a lot now.  But there weren’t a lot of viruses around when PCs first started appearing on desktops.  Maybe if we’d paid more attention then, we’d have fewer problems now.  In any case, it is never too early to start looking at packages available from all the major anti-malware solution vendors.  And make sure whatever you select is centrally manageable.  Not all vendors get this yet.

Finally, consider encrypting sensitive data on the phones.  Yes, I understand that many encryption solutions for handhelds are easily cracked.  So does that mean you do nothing to protect your data?  Let’s face it, the password or PIN protection isn’t much either.  The best way to prevent data breaches caused by compromised phones is to follow a very basic rule–don’t allow it to be put there in the first place.
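The controls the post calls for (a mandatory PIN policy, on-device encryption, and the remote wipe of a departing employee's phone) map directly onto the Exchange ActiveSync mailbox policies mentioned above as the management route for iPhone and Android.  The following is an added PowerShell example for the Exchange 2010 Management Shell, not code from the original post; the policy name "Handheld-Baseline", the user jdoe and admin@example.com are placeholders.

```powershell
# Added example, not from the original post. Exchange 2010 Management Shell.
# Placeholders: "Handheld-Baseline", jdoe, admin@example.com.

# 1. Central PIN policy plus device encryption, pushed to every device that syncs.
$baseline = @{
    Name                            = "Handheld-Baseline"
    DevicePasswordEnabled           = $true
    AllowSimpleDevicePassword       = $false      # rejects 1234, 1111 and the like
    MinDevicePasswordLength         = 6
    MaxInactivityTimeDeviceLock     = "00:05:00"  # lock after five idle minutes
    MaxDevicePasswordFailedAttempts = 10          # device wipes itself after 10 wrong PINs
    RequireDeviceEncryption         = $true
    RequireStorageCardEncryption    = $true
    AllowNonProvisionableDevices    = $false      # refuse devices that cannot enforce the policy
}
New-ActiveSyncMailboxPolicy @baseline

# Apply it to a user (or to everyone who should fall under it).
Set-CASMailbox -Identity jdoe -ActiveSyncMailboxPolicy "Handheld-Baseline"

# 2. Departing employee: wipe every device paired with the mailbox.
#    The wipe command is delivered the next time the device syncs, so do not
#    disable ActiveSync for the mailbox until each wipe is acknowledged.
$devices = Get-ActiveSyncDeviceStatistics -Mailbox jdoe
foreach ($d in $devices) {
    Clear-ActiveSyncDevice -Identity $d.Identity `
        -NotificationEmailAddresses admin@example.com -Confirm:$false
}

# 3. Check: DeviceWipeAckTime is populated once the device confirms the wipe.
Get-ActiveSyncDeviceStatistics -Mailbox jdoe |
    Select-Object DeviceType, DeviceModel, LastSyncAttemptTime,
                  DeviceWipeRequestTime, DeviceWipeAckTime

# 4. Only after every wipe is acknowledged, cut off further sync.
Set-CASMailbox -Identity jdoe -ActiveSyncEnabled $false
```

A device that never connects again never receives the wipe, which is why step 3 matters and why the post's final rule (keep sensitive data off the phone) is the control that does not depend on the device cooperating.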

There are other things you can do, but these are the “absolutely must-haves,” in my opinion.  Hold off the hordes until you have the right infrastructure in place and broad support for your efforts.