As mobile devices become more powerful and more widely used, security has become the proverbial elephant in the room. Everybody knows there is an entirely new set of security issues that come into play, but few are sure what to do about them. And the excitement to deploy mobile content can make companies and organizations compromise or even overlook the security implications.
The convenience of mobile devices is their downside. A portable item that can have access to your work and personal information is easy to misplace or be stolen. PIN security codes help to protect that information somewhat, but the only way to truly protect the information included is a mobile wipe. That needs to be able to be completed in a timely manner to keep your information from getting into the wrong hands.
Custom applications for mobile devices are another risk. Whether they are native code or mobile web apps, if they are accessing remote data, there is a risk. Researchers find that most mobile apps (over 50% total, and nearly 90% of third-party apps) do not use secure connections for data access. Something as simple as requiring SSL connections can help protect that data.
Another concern as mobile devices are being more frequently used in the corporate world is that they add new vectors for potential threats. The devices are using new operating systems that don’t fit with most security vendors’ software offerings. Some companies, such as Symantec and F-Secure, have recently introduced security software for mobile devices, but they don’t work with the integrated security systems that most IT departments are familiar with. Some companies may rely on their network security gateways to protect mobile devices until users switch to mobile connections and bypass those methods entirely. That adds the risk of a mobile user accessing a compromised file and bringing it into the network, bypassing security controls. Add in the already known issues of unsecured wireless networks and Bluetooth vulnerabilities when mobile users are outside of the office and it is easy to see why some corporate IT departments are nervous about the proliferation of mobile devices on their networks.
After hearing all of that, it could seem like mobile security is nearly impossible to achieve. It is easy to become paranoid about vulnerabilities when you research security issues. The good news is that there are good points to talk about. The new mobile operating systems run apps in separate memory spaces that make it more difficult for potential viruses to hijack a device. The review process for iOS apps and the new security requirements for the Android Marketplace should help keep apps more trustworthy. The mobile device makers are taking the issue seriously. They understand that people want their devices to be secure and are taking steps to improve that.
So what’s the answer? As with any evolving technology, use common sense and caution. Don’t rush into content mobile delivery. Create a standard for best practices for your mobile users and then distribute the information in all of your regular channels such as newsletters and your intranet site. You can also consider procedures such as requiring PIN codes, setting up a remote wipe method, and considering data encryption. The most important step is to find a comfortable middle-ground between security and ease of use. As mobile devices become cheaper, if your policies are too restrictive, users can easily get their own phones or tablets and circumvent all the protection you put into place. Mobile devices should be used to make tasks more convenient. Keep them that way, and everybody will be happy.
The Float Team
Latest posts by The Float Team (see all)
- Top 3 Takeaways from CETS - August 19, 2019
- How Convenience Stores Use Mobile Learning to Reduce Staff Turnover - August 9, 2019
- Come See Float at the Chicago eLearning & Technology Showcase - August 1, 2019