• No results found

Basic Principles for Increasing Security in a Mobile Computing Program

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Basic Principles for Increasing Security in a Mobile Computing Program"

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)

Basic Principles for

Increasing Security in a

Mobile Computing Program

Increase Business Productivity and Employee Flexibility

The pitfalls of mobile computing and basic principles for

building a program that increases employee flexibility,

business productivity and overall peace of mind.

(2)

Introduction

Accessing a company network from a mobile device is nothing new. Employees have been doing so for more than a decade, with the company being the arbiter of who had that privilege. But in the past five years smartphone sales have seen marked growth, bringing an increased demand for mobile accessibility. And consumer applications have opened the door to new opportunities for harnessing company data.

The resulting benefits of added flexibility and productivity can boost a company’s bottom line. Employees can work during the margins of their schedule: at halftime of their child’s soccer game, in the customer queue at the corner coffee shop or while waiting for a table at their favorite restaurant. This has led more employees to use their personal devices for work, a trend known as BYOD, or Bring Your Own Device.

But when a personal smartphone or other device isn’t properly configured or managed, it becomes a potential source for corrupting or leaking critical business information. The after-hours work opportunity could lead to confidential data being left in the restaurant booth or on the bleachers at the soccer field. For this reason, corporate mobility programs also come with a cost, primarily in terms of the resources required to secure company data and manage the mobile devices containing that data.

For corporate IT staff, it can be deceptively easy to respond to this risk by applying mobile security measures that are excessive in nature, resulting in a productivity tax on employees that reduces revenue and can affect the bottom line. At the other end of the spectrum are companies that throw up their hands in resignation and either enact an inadequate level of security measures or — even worse — none at all.

By applying a few basic principles, companies can create a network that is more secure, provides an effective device-management solution and gives employees the tools to get work done on their own terms.

(3)

Table of Contents

The Growth Potential and Pitfalls of Mobile Computing 3 Best Practices for Embracing a Mobile Mindset 4 HTCpro: Resources and Solutions for Mobile Businesses 5

(4)

The Growth Potential and Pitfalls of Mobile Computing

The technology industry has seen a steady decline in personal computer sales for the past two years, while demand for smartphones and tablets continues to rise. Research suggests this trend will continue for at least the next five years. In many cases, employees independently purchase a smartphone because they want more personal flexibility. Installing consumer applications on their phone to get work done is merely an added bonus that they take advantage of without the aid or approval of their employer. The impact of this trend is felt most keenly by corporate IT staff. A global study commissioned by security provider Symantec Corp. found that 48 percent of companies consider mobile computing as “somewhat” to “extremely” challenging.1 As a conse-quence, roughly one-third of the IT staff at most companies are involved somehow in managing mobile computing.

Meanwhile, companies of all sizes have started leveraging the increased flexibility and potential of their newly mobile workforce to develop and deploy line-of-business

applications designed specifically for platforms such as iOS and Android. Symantec also found that more than 70 percent of companies surveyed have begun, or intend to start, developing their own applications for sales force automation, enterprise resource planning and other lines of business, rather than relying on the consumer applications used by the majority of smartphone owners.1

Security Concerns

Even with all of the benefits of a workforce that is armed with mobile, line-of-business applications, there is still a real potential to leave the door ajar for a Trojan horse full of unanticipated costs and security vulnerabilities. This risk is not lost on most IT departments. Indeed, mobile computing is frequently called out as one of the biggest expenditures of corporate IT resources as a result of the cost of support.

The same Symantec survey found that mobile computing was the most risky program launched by companies, with nearly a quarter characterizing the level of exposure they have faced as “high” or “extremely high.” In terms of financial impact, the average amount that a company loses each year due to inadequate mobile security measures is $247,000.1 But for all the potential risks, just over 70 percent of companies still consider mobile computing as a program that is well worth the investment.1

(5)

Best Practices for Embracing a Mobile Mindset

Among the biggest obstacles IT decision-makers face when devising a security strategy for a corporate mobility program is a misconception about mobile devices — that they have the same potential for security risks as a laptop and must therefore be treated as such, or that there is no possible way to secure them. This can lead to two different, and generally misguided, approaches to mobile computing security:

• Applying the same security protocols to a mobile device as would typically be applied to a laptop. The outcome is usually a heavy-handed security strategy that, while minimizing the potential loss of data, also hinders the ability of employees to get things done.

• Applying no security protocols in the belief that smartphones cannot be secured and that the loss of some data is a reality for enabling employees to conduct business with their mobile device.

What both of these approaches fail to grasp is twofold:

• Whether running on Android, iOS, Windows Phone or another platform, measures can be taken to increase security on smartphones.

• Mobile devices are distinct from laptops, and therefore require a specifically tailored approach to security.

To be truly effective, the guidelines for developing a mobile computing security program cannot be easily summed up in a short list. Rather, every company’s approach to security should be comprehensively tailored in a manner that strikes a balance between its business needs and the sensitivity of its data. With that in mind, there are seven areas of security that companies must be sure to address as the core of a successful, comprehensive mobility program:

1. Data encryption. Whether a company is developing an encryption solution or

purchasing one from a third party, encryption should not impede the usability of the device. At the same time, encryption solutions must offer a sufficient level of protection to help ensure that data remains protected, whether stored on the device or streaming across a network.

2. Password enforcement. It’s important to ensure that appropriate password protection

measures are in place to assist with controlling access to data on the device. The complexity of password requirements — such as required length, use of alpha-numeric symbols and frequency of password change — should all reflect the sensitivity of the data to be protected.

(6)

3. Device management. Some form of fail-safe method for locking down or wiping a device if it is lost or stolen should be considered. Companies might also think about using a device-management solution that enables the selective wiping of business data in the event that an employee leaves the company with their personal smart-phone and wants to preserve their private data.

4. Compliance and configuration management. A thorough vetting of mobile applications

ought to be considered, to help ensure that an employee’s device does not jeopardize the security of the data or the company network. Likewise, policies should be in place to prevent users from visiting any websites that are a known security risk.

5. Data access. Careful consideration should be given to defining appropriate levels

of access. In addition to an employee’s role, other factors to consider are the nature of the device, whether the person is trying to access data from within the office or offsite, and what they need to do with the data.

6. Trust and confidence. The preceding aspects should accrue to provide a level of

comfort and understanding that doesn’t prevent the end user from effectively using their device.

7. Enablement and ease of use. Rather than focusing on the negative aspects of security

measures, companies must effectively communicate how these measures will enable employees to get more done, while making their lives easier. To this end, any actions that must be taken on an employee’s part should be streamlined to increase the rate of compliance across a company’s workforce.

If all these factors are considered, and related safeguards are put in place, then a company’s mobile computing program will achieve more than increased security. It will also provide the corporate IT team with an extensible platform for rolling out updates and new applications. Further, it will offer the flexibility and increased productivity that employees and managers have come to expect, and it will help minimize risks such as loss of customer trust or diminished performance of company stock due to the leak of confidential business information.

(7)

HTCpro: Resources and Solutions for Mobile Businesses

Creating a mobile computing environment with increased security expands a business’ potential for getting things done. HTCpro™ has been created to help businesses make the most of that potential by enabling HTC devices to deliver enterprises features, which offer seamless productivity both out of the box and when paired with line-of-business applications.

Adoption or expansion of mobile computing initiatives within businesses can bring many issues to tackle to the forefront. With that in mind, HTCpro works with a variety of enterprise solution developers that offer industry-leading expertise and offerings across a broad set of solution areas. And HTCpro works to ensure the compatibility of these solutions with HTC devices, as well as to help create a user experience that is productive and enhanced for employees.

Collectively, HTCpro gives IT decision-makers the resources to create a mobile computing platform with increased security upon which to deploy the business applications that they need. When used in conjunction with fundamental principles of security, it can provide employees and executives with the confidence to work wherever and whenever they have access.

For more information about HTCpro business features on HTC devices and enterprise-enabled partner solutions, please visit HTCpro.com; and visit HTC.com see a complete portfolio of enterprise-ready smartphones.

For media inquiries, please contact: HTC Media Relations

[email protected] +1 425 638 7000

(8)

About the Author

Will Ro

Director, HTCpro

Will supports sales operations activity for HTC North America as well as oversees growth of sales, technical resource management and partnership formation with the HTCpro program. He has 15-plus years of experience across enterprise sales, system integration, wireless, network security and business planning. He has solid experience in IT integration and how it builds off of business processes. He has a Bachelor of Science in biochemistry from the University of California, Los Angeles.

References

Download now ( PDF - 8 Page - 623.00 KB )

Related documents

Genes Involved in the Biosynthesis of Lac Dye Constituents in Indian Lac Insect, Kerria lacca (Kerr)

It appears that both body and resin color pigments are derived through laccaic acid D, which is a component of the body color pigments in wild type crimson insect and only

Human Trafficking: The Role of Culture

Using varying empirical measures, Bales (2007), Cho (2015), and Rao and Presenti (2012) have identified one or more of the following as significant push factors; poverty,

Norwegian Girls in Mainstream Blogging : Performed Blogging Selves, Experienced Digital Competences, Gendered Discourses

Combining qualitative in-depth interviewing, ethnographic analyses of blogs, and critical discourse analysis of Norwe- gian press coverage in a longitudinal design, I investigate

Comparison in zonal sales of Square Toiletries Ltd

Program Title: Jui, Chaka & Magic products Cash Discount Program Square Toiletries

How. Guides. Manage Your Debtors.

If payment has still not been received after four days of Letter 2 being sent, make telephone contact with the client to establish whether and when payment is to be made..

The 1 st Biotweeps Twitter Conference

If, due to unforeseen circumstances, you are unable to be present during your allocated time slot, you can schedule your tweets (using services such as Tweetdeck, Hootsuite or

Chemical evolution of the Magellanic Clouds: analytical models

observational [O/Fe] ratios plotted in Figs 6 and 9 have accordingly been shifted upwards by 0.2 dex, which leads to a somewhat different picture from that assumed in previous

Sentinel lymph node biopsy in thyroid tumors: a pilot study

For the decision for or against prophylactic neck dis- section in papillary thyroid carcinoma, the high incidence (10–15%) of recurrent disease in the regional lymph nodes [15, 18]