Data Encryption on Enterprise Mobile Devices

By Rich Campagna, Subbu Iyer, and Ashwin Krishnan from Mobile Device Security For Dummies

Encryption of data at rest, data that has been downloaded to and will be stored on the mobile device itself, is an important security policy to establish. Encrypting data prohibits someone from connecting a stolen smartphone to a PC and synchronizing sensitive data from the device to her PC, as an example.

Depending on the operating system platform and device, encryption functionality may or may not be built into the mobile device. In some cases, such as with Apple iPhones running iOS 4, encryption is built into the device.

In other cases, encryption is not provided in the base device and operating system, so third-party software is required to accomplish encryption. Increasingly, operating system vendors are including encryption capabilities in the operating system itself, so the primary task is to ensure that encryption is enabled.

For those platforms that include encryption, the task of managing that encryption should be handled by your mobile device management (MDM) solution. You want to ensure that encryption is enabled across the entire device, especially for any data downloaded to the device, including files, application data, and so on.

Be very careful to ensure that when you enable encryption, you know exactly what is being encrypted and what isn't. For example, the default encryption policy on a device might encrypt data on the device disk itself — e-mail, contacts, calendar, and personal documents — but might not encrypt data saved to removable media such as an SD card, for example.