2. Secure Mobile Communications
Most experts recommend that all mobile device communications be encrypted as a matter of course, simply because wireless communications are so easy to intercept and snoop on. Those same experts go one step further and recommend requiring a VPN for any communication between a mobile device and a company or cloud-based system or service. VPNs not only include strong encryption, they also provide opportunities for logging, management and strong authentication of users who wish to use a mobile device to access applications, services or remote desktops or systems.
3. Require Strong Authentication, Use Password Controls
Many modern mobile devices include local security options such as built-in biometrics - fingerprint scanners, facial recognition, voiceprint recognition and so forth - but even older devices will work with small, portable security tokens (or one-time passwords issued through a variety of means such as email and automated phone systems). Beyond a simple account and password, mobile devices should be used with multiple forms of authentication to make sure that possession of a mobile device doesn't automatically grant access to important information and systems.
Likewise, users should be instructed to enable and use passwords to access their mobile devices. Companies or organisations should consider whether the danger of loss and exposure means that some number of failed login attempts should cause the device to wipe its internal storage clean. (Most modern systems include an ability to remotely wipe a smartphone or tablet, but mobile device management systems can bring that capability to older devices as well.)
4. Control Third-party Software
Companies or organisations that issue mobile devices to employees should establish policies to limit or block the use of third-party software. This is the best way to prevent possible compromise and security breaches resulting from intentional or drive-by installation of rogue software, replete with backdoors and "black gateways" to siphon information into the wrong hands.
For BYOD management, the safest course is to require such users to log into a remote virtual work environment. Then, the only information that goes to the mobile device is the screen output from work applications and systems; data therefore doesn't persist once the remote session ends. Since remote access invariably occurs through VPN connections, communications are secure as well - and companies can (and should) implement security policies that prevent download of files to mobile devices.
5. Create Separate, Secured Mobile Gateways
It's important to understand what kinds of uses, systems and applications mobile users really need to access. Directing mobile traffic through special gateways with customized firewalls and security controls in place - such as protocol and content filtering and data loss prevention tools - keeps mobile workers focused on what they can and should be doing away from the office. This also adds protection to other, more valuable assets they don't need to access on a mobile device anyway.