Anyone who believes that the mobile enterprise is a new phenomenon hasn’t been paying attention. Ever since laptops came onto the scene, enterprise workers have been increasingly mobile. The advent of mobile phones and wearable devices simply accelerated the trend. They also created more challenges for IT. It’s one thing to secure a desktop computer or a server that is firmly planted within the company’s walls; it’s quite another when the walls are effectively removed.
The problem has been exacerbated by the uncontrolled way in which mobility has entered the enterprise. People just started bringing in their devices and using them in their jobs, not realizing the risk they were creating. IT had to scramble to figure out how to protect the company while respecting the user’s privacy, on devices it didn’t own or control. However, there are ways to serve both user and company, regardless of the mobile device.
First, there needs to be an understanding between the employee and the company about what constitutes acceptable use in accessing corporate resources, usually in the form of a signed Acceptable Use Policy. In exchange for that access, the employee needs to agree to certain terms. For example, the company should be permitted to verify that the connected device doesn’t contain malware, that it has current anti-virus software installed, that it hasn’t been jailbroken (which breaks device security), and that its password meets corporate standards for complexity. The device’s patches, especially security patches, should be up to date.
To keep corporate data safe on an employee-owned device, many companies rely on an enterprise mobility management (EMM) system that places a separate secured area, called a container, on the device. That area is encrypted and can be remotely erased by corporate IT if the device is lost or stolen, or if the employee leaves the company, without affecting the employee’s personal apps or data. Business apps and data go into the container, where they are protected.
In addition, some apps use a micro VPN — a secure, encrypted connection specific to that app — to communicate with corporate servers so sensitive information can’t be intercepted. Tools are also available that prevent the user from moving data between the personal and corporate areas of the device and that set policies specifying what data may reside on the device.
Many people rely on consumer cloud services such as Box or Dropbox to send themselves files they want to work on at home; a policy can prevent corporate data from being added to the consumer cloud, instead prompting the user to place it into an encrypted cloud repository where it’s protected.
Another approach uses virtual desktops (VDI). Nothing corporate actually resides on the device in that case. Instead, the device simply acts as the display and input, while the storage and computing power stay on the server, similar to the way old mainframes operated.
Either approach works. The only one that doesn’t is doing nothing.