Security Planning Overview: Mobile Devices on Your Network
You need to take many factors into account when planning your mobile device security deployment. Because this solution spans multiple types of technology, you need to properly plan every piece of the process and follow those plans in that order.
Following is an introduction to the different components of a successful deployment.
Educating yourself on the risks
The threat landscape changes often and quickly, so plan on staying on top of the latest mobile security news.
Scoping your deployment
Prior to rolling out a solution to your end users, determine who should have access and from what types of devices. This helps you contain the size of your deployment and limit access to devices and users where you feel you have a good handle on risk.
Creating a mobile device security policy
Your mobile device security implementation is only one piece in a broader corporate security policy that governs the technologies that are implemented to ensure proper security in your organization’s network. This policy provides guidelines that you can follow when planning to allow mobile devices into your network.
Determining device configuration policies
Your mobile device security policy has an immediate impact on the types of configuration policies for the mobile devices in your network. For example, the security policy might state that all devices must have a lock password with certain requirements.
Figuring out how you’ll connect devices to your network(s)
Your organization has most likely already deployed a VPN of some sort for remote access into the network. As you expand to mobile devices, you’ll find that some VPN solutions support the wide range of mobile operating systems, and others do not. Therefore, you need to evaluate and determine whether your existing VPN meets future needs.
Devising an endpoint security strategy
The number and types of threats facing mobile devices are growing quickly as these types of devices become more popular and begin to contain much more sensitive, and potentially valuable, information. Antivirus and personal firewall capabilities need to be at the heart of your endpoint security strategy for mobile devices.
Planning a strategy to deal with loss and theft
No matter how many policies you apply and how much security you enable on the mobile devices in your network, some of them will be lost or stolen. When such situations arise, you not only need technology to help you deal with these events but also require processes and procedures to deal with them quickly and effectively.
Seeking vendor info and requests for proposals
Look at various vendors to come up with a short list of mobile security vendors that you can invite in for further evaluation. Different vendors cover different areas of functionality, with no single vendor covering all possible functionality.
Implementing a pilot
You can gain a lot of information from deploying your mobile security solution to a small group of users prior to a wide rollout. When you add end users to the equation, you get a good sense of how seamless the mobile security solution will be for users as a whole, how to address deployment problems, and the chosen vendor's suitability.
Assessing and reevaluating at regular intervals
Network, security, and user requirements evolve over time and your mobile security strategy must also change. Continual reassessment is a key part of any technology adoption, and you need to make it a part of something as critical and visible as mobile devices.