Day: February 28, 2012

Protecting Your On-the-go Endpoints: Mobile IT Security Risks and Solutions

In recent blog posts, we have explored the increasing ownership rates of mobile devices; how large organizations like the United States Army and the Department of Veterans Affairs have integrated mobility into their IT infrastructures; and the many cost and efficiency benefits for businesses that embrace mobilization. Today’s blog post will cover the unique security risks of mobile IT and reveal the industry best practices for minimizing or removing these vulnerabilities.

Two obvious vulnerabilities unique to mobile devices are:

1) their likelihood of being lost or stolen (about 40% of organizations have had a mobile device lost or stolen)

2) the lack or weakness of their internal security protections (mobile devices often lack firewalls and anti-virus software)

This article from TechTarget suggests the following protections against these security risks:

1) strong passwords

2) data encryption

3) software that allows a person to remotely delete information on the device (“remote wiping”)

For SMBs that implement mobile IT, a mobile security expert identifies three additional security risks: device diversity, outdated firmware, and leaky network authentication and data. Here’s a summary of his advice:

- “Device diversity” refers to the fact that smartphones and tablets have many different operating system options, such as Android, iOS, Symbian, and BlackBerry OS for smartphones and dozens of different device-specific operating systems for tablets. Securely integrating devices that vary at such a fundamental level can be difficult. The expert recommends connecting and authorizing the devices in a minimal yet functional way (“It’s important to distill what you care about most when it comes to protecting your data and resources with personal devices. You can’t focus too much on what extra things you can do on a few select devices, but instead what you can do across the board so your message and remediation steps are consistent with all your employees and their devices”).

- The programs that control a device at the hardware level are called firmware. Hardware manufacturers will occasionally release a new version of firmware to remove a security vulnerability, but most people will fail to download and install the update. The expert recommends communicating to employees the importance of updating their firmware.

- “Leaky network authentication and data” refers to lost and stolen devices. The expert expands on the topic by recommending that any device inactive for 30 days should be remotely wiped.
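As an added illustration (not from the original post or the cited expert), the sketch below applies one baseline to every device in an inventory, whatever its platform: the 30-day inactivity wipe rule, a firmware minimum, and the password and encryption protections listed earlier. The inventory records, the minimum versions, and the action names are constructed assumptions; the script only returns decisions and leaves the wipe itself to whatever management tool is in use.

```python
from datetime import datetime, timedelta, timezone

INACTIVITY_LIMIT = timedelta(days=30)  # article's rule: wipe after 30 days inactive

# Assumed minimum firmware per platform (constructed values, not from the article).
MIN_FIRMWARE = {"android": (4, 0, 3), "ios": (5, 0, 1)}

# Constructed "current time" and inventory, shaped like a device-management export.
NOW = datetime(2012, 2, 28, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    {"id": "dev-001", "platform": "ios", "firmware": "5.0.1", "encrypted": True,
     "passcode": True, "last_seen": "2012-02-25T09:00:00+00:00"},
    {"id": "dev-002", "platform": "android", "firmware": "2.3.6", "encrypted": False,
     "passcode": True, "last_seen": "2012-02-27T17:30:00+00:00"},
    {"id": "dev-003", "platform": "android", "firmware": "4.0.3", "encrypted": True,
     "passcode": True, "last_seen": "2012-01-20T08:15:00+00:00"},
    {"id": "dev-004", "platform": "symbian", "firmware": "9.4", "encrypted": True,
     "passcode": False, "last_seen": "2012-02-20T11:00:00+00:00"},
]


def parse_version(text):
    """Turn '4.0.3' into (4, 0, 3) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def evaluate(device, now):
    """Return the remediation actions (hypothetical names) for one device."""
    last_seen = datetime.fromisoformat(device["last_seen"])
    if now - last_seen >= INACTIVITY_LIMIT:
        return ["remote_wipe"]  # inactive devices are wiped; other checks are moot
    actions = []
    minimum = MIN_FIRMWARE.get(device["platform"])
    if minimum is None:
        actions.append("review_unknown_platform")  # no baseline defined yet
    elif parse_version(device["firmware"]) < minimum:
        actions.append("notify_update_firmware")
    if not device["encrypted"]:
        actions.append("require_encryption")
    if not device["passcode"]:
        actions.append("require_passcode")
    return actions


def audit(inventory, now):
    """Apply the same baseline to every device, regardless of platform."""
    return {device["id"]: evaluate(device, now) for device in inventory}


if __name__ == "__main__":
    for device_id, actions in audit(INVENTORY, NOW).items():
        print(device_id, actions or ["compliant"])
```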

While useful, all the security measures mentioned above would require additional software purchases and training. Organizations would be better served switching to IronOrbit’s mobile-ready desktop virtualization platforms and hosted applications. These solutions allow mobile employees to log in to a secure, fully-integrated online work environment that resembles an operating system or individual application on a personal computer. The network administrator can ensure security by controlling access to these systems and prohibiting users from copying data to their devices. Even if a mobile device were lost, stolen, or hacked, the network administrator could neutralize the threat by removing it from the list of permitted devices.