There was a time when only the IT shop had the smarts to hook a smartphone into the enterprise network and grant it access to services such as mobile email. Today, that's just not the case. Just about any average Joe can run to his local wireless retailer, buy a smartphone, and have it configured to receive his enterprise email before lunch the next day. That should scare you.
There's no arguing against the power of smartphones. They are great enablers of productivity and can help the busy professional stay on top of office communications when he or she is not there. Smartphones are slowly becoming an enterprise necessity, but they are a tool that can just as easily expose your business to a bevy of threats.
For those not schooled in the risks, smartphones are the back-door deployment that can provide hackers -- or the competition -- with access to your network. The good news is that there are myriad tools for IT to use the thwart both sanctioned and unsanctioned mobile deployments from putting your business on the line.
Employees: Your Biggest Threat
In order to keep up with the Joneses, Jim, sales guy extraordinaire, went out one weekend and bought himself a Windows Mobile smartphone. Using the simple Microsoft tools, he finagled it to get his work email synced to the device all by himself.
Armed with his newly found communicative powers, Jim hit the road on a big sales trip that took him through multiple cities. After several weeks, there were hundreds of emails resting quietly on his device. They included contracts, sales quotes, pricing schemes, and other information you wouldn't want your competitors or customers to know about. One night, the smartphone fell out of his pocket while he was boarding a plane in a crowded airport.
Whoever finds the device will have instant access to all of Jim's emails and your corporate information. Begin security nightmare.
Shedding light on internal communications with some emails isn't the only risk here. Smartphones are often connected to back-end systems that contain proprietary enterprise data. Odds are, your execs wouldn't want that information accessible to anyone but the appropriate employees.
"Typically a rogue device is one that an employee purchases on their own," said Shari Freeman, director of product management for Sybase iAnywhere's Afaria group. "The main thing they want to do is get enterprise email and perhaps access to enterprise data. More and more companies are starting to require that if a user wants to have mobile email pushed to a device, that the device be secure, because of the confidential nature of email."
The ABC's Of Mobile Security
Where there are mobile security tools to help minimize risks, the end user also has to bear some responsibility for securing their device. And so does IT itself. Here are a few hard and fast rules to live by in conjunction with mobile security solutions.
Use VPNs: One potential weak link in remote employee communication with back-end systems is the method they use to connect. Hopping onto the Wi-Fi hotspot at Starbucks or other open public network is looking for trouble. Using VPNs that require users to authenticate and connect through secure tunnels protects data in transit.
Block Access To Public Wi-Fi: Because public Wi-Fi can be so unsecure, use security programs that block your employees from accessing them at all unless in absolutely trusted environments, such as the office. Rogue Wi-Fi networks that pose as legit services can really be a fake portal that a hacker is using to snare information from the unwitting user.