Day: October 11, 2012

Securing Mobile Devices without Locking Down Users

Companies, consumers, and journalists in the tech world have focused a lot of their attention on mobile devices lately. The surge in interest may have started with the court battle between Apple and Samsung a couple months ago. Aside from the petty squabbles of smartphone and tablet manufacturers, however, leading IT analysts have had more substantial discussions about how businesses should manage and protect their mobile devices. Overall, they suggest that companies have to do a better job of balancing security concerns with the privacy and freedom of mobile employees.

Enterprise mobile security and Bring Your Own Device (BYOD) policies were a central topic at last week’s Interop conference (arguably the largest and most important IT expo in the world). Network World’s Jon Gold quoted one attendee as saying, “It’s inevitable that you will have to support mobile devices…however, heavily regulated industries do actually have specific policies. There are actually companies out there where it is a fireable offense to bring a smartphone in.” Statistics back up the conference-goer’s statement about the inevitability of enterprise mobile support: according to Cisco, 95% of all businesses allow some form of BYOD. Meanwhile, the statistics also reinforce the concerns of regulators and IT experts about the security of mobile devices: according to McAfee, malware threats targeting smartphones and tablets rose 600% this year.

Fortunately, IT security experts have come up with some solutions and best practices to counteract the rising mobile security threat. Their advice includes:

Don’t trust mobile antivirus software. The antivirus program on a mobile device isn’t as reliable as the one on a PC. Mobile antivirus software can only protect against well-known malware threats. Because mobile operating systems do not have root administrative access, mobile antivirus programs cannot detect previously-unknown threats using behavioral analysis.

Be wary of Android smartphones. Apple requires users of its phones to download all of their applications from the company’s official store. Apple’s store will reject any application with vulnerabilities or malicious code. In contrast, Android users have the freedom to download and install any application from any source. Many Android owners may have downloaded a hacked version of a legitimate application without realizing it. The total number of malware targeting Android phones increased more than 4,000% last year.

Other tips. This article from CSO Online and this report from EMC’s security division, RSA, provide additional guidance about the secure deployment of mobile devices.

However, security shouldn’t be the only concern of businesses when deploying or integrating mobile devices. Companies also need to consider usability and privacy when managing their employees’ smartphones and tablets. “MDM [Mobile Device Management] is about locking down devices, preventing users from performing certain tasks they might want to do on their phones and tablets,” Bytes’s Larry Seltzer wrote recently. “From a security standpoint this is a perfectly reasonable thing to do, but users don’t like it….And in a BYOD environment, restricting what users can do and threatening to wipe their devices is a recipe for bad will.” Mobile devices let workers take their files and applications anywhere, improving their productivity. But overzealous security controls negate many of the benefits of enterprise mobility by discouraging employees from using their devices. Consequently, businesses need the find a happy medium between security and usability.

Luckily, the Chief of Computer Security of the National Institute of Standards and Technology (NIST), Donna Dodson, has recommended a solution to the security-usability conundrum. As Mobile Enterprise tells it, “Her recommendation is a virtual desktop. She says this provides a way to isolate an environment for individuals, constructing it to provide the tools they need without a lot of additional surface space for an attacker. ‘This will ensure a safer working environment and one that can be upgraded very quickly to address a threat of tomorrow that you were not expecting as you plan today,’ she points out.”

We couldn’t agree more at IronOrbit. With our Virtual Desktops, users can access their files and applications from anywhere with any web-enabled mobile device. IronOrbit users don’t have to compromise performance for mobility, either—our Hosted Desktops allow them to access the superior processing power and limitless functionality of a locally-installed PC operating system from their smartphone or tablet. Our data protection measures include multidimensional security (antivirus, antispyware, and anti-spam), complete data backups, 24x7x365 network security monitoring, and AES 256bit encryption. And, while authorized users can always access their files and applications from their Virtual Desktops, the data will always remain on the IronOrbit servers and cannot be directly transferred to mobile devices. Companies don’t have to balance or compromise anything with IronOrbit Virtual Desktops because we give them everything they want from their Hosted IT Infrastructure: the utmost mobility, security, usability, and performance.