Mobile Device Security For Dummies Cheat Sheet - dummies
Cheat Sheet

Mobile Device Security For Dummies Cheat Sheet

From Mobile Device Security For Dummies

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

Security is a common challenge for IT departments as mobile devices, primarily smartphones and tablets, become key productivity tools in the workplace. Protecting mobile devices is critical because they’re part of a company’s network. These articles give you a bird’s-eye view of managing personal mobile devices in the enterprise:

Major Mobile-Device Operating Systems

To protect data on mobile devices, you need to know a quintet of mobile-device operating systems that powers most of today’s smartphone and tablet devices. Be ready for employee requests for access from all of these operating systems:

  • Apple’s iOS: Incredibly popular operating system from Apple, running devices such as the iPhone, iPad, iPod Touch, and Apple TV.

  • Google’s Android: Google’s mobile device operating system, powering devices from several device manufacturers.

  • Microsoft’s Windows Phone: A newer operating system from Microsoft that ships on devices from a variety of vendors. Windows Phone 7 represents a complete redesign of Microsoft’s previous operating system, Windows Mobile 6.5.

  • Research In Motion’s Blackberry: A long-standing favorite in the enterprise due to security and manageability features. The iOS and Android platforms have increased in popularity in recent years and have become alternatives to Blackberry in many enterprises.

  • Nokia’s Symbian: Open-source operating system managed by Nokia. In 2011, Nokia announced that it would begin building devices based on the Microsoft Windows Phone operating system, rendering the future of Symbian questionable.

Key Mobile-Device Security Concerns

Mobile devices, such as smartphones and tablets, can provide large productivity gains and anytime/anywhere access to corporate data and applications. This flexibility isn’t without its challenges, however. Here are some of the issues related to mobile device deployments that you need to protect against:

  • Loss and theft: These are major concerns, with hundreds of thousands of mobile devices being lost or stolen each year. Keep in mind that the most valuable thing lost with the device is more than likely the data on it rather than the device itself. Protecting against loss and theft is critically important.

  • Malware and viruses: 2010 marked the first time that smartphone and tablet malware and viruses really started to become top of mind for enterprise IT managers. These issues will more than likely increase in quantity moving forward, so you need to plan for that with your mobile deployments.

  • Inadvertent data leakage: Mobile devices frequently combine personal and enterprise applications, such as e-mail. Even the most well-meaning users might inadvertently send sensitive corporate data outside of the organization.

  • Public Wi-Fi hotspots: Today’s mobile devices combined with the nearly ubiquitous public Wi-Fi hotspots make it easy for employees to connect to open, potentially insecure networks. Protecting corporate data as it transits these networks is critical.

Major Players and Products in Mobile Device Security

Deploying a mobile security and device-management solution in your organization can be a daunting task. You could be dealing with multiple operating systems, disparate devices, and a multitude of data needs. The job is a bit easier when you consider these options:

  • AirWatch: A cross-platform, device-management solution that evolved from an early focus on WLAN network monitoring and troubleshooting. The MDM product is available as either an appliance or a SaaS solution.

  • Good Technology: Best known for their e-mail sandboxing/security solution, called Good Mobile Messaging. They also offer a device-management product, Good Mobile Management, and a VPN solution, Good Mobile Access.

  • Juniper Networks: The Junos Pulse product line focuses on providing security for data in transit; host assessment; strong authentication (via SSL VPN capabilities); device security, including personal firewall, antivirus, and antispam (via the Junos Pulse Mobile Security Suite); and mobile device management (also via the Junos Pulse Mobile Security Suite).

  • McAfee: This mobile security product line has evolved through a combination of internally developed functionality (McAfee Mobile Anti-Malware for Enterprise), as well as acquired device-management functionality (McAfee Enterprise Mobility Management).

  • MobileIron: A device-management vendor with some telecom and expense-management expertise. They’re increasingly concentrating on security as a part of their focus on full lifecycle management for mobile devices.

  • Symantec: This vendor has a number of products in the mobile security space, including Endpoint Protection Mobile Edition, which combines antivirus, personal firewall, and antispam; Mobile Management, a mobile device–management offering; Mobile Encryption, a device/disk encryption offering; and Network Access Control Mobile Edition, a version of their NAC product built to support mobile devices.

  • Zenprise: Their cross-platform, mobile device–management product, MobileManager, is designed for full lifecycle management of a mobile device deployment, including a focus on security policy configuration and enforcement.

The mobile device security space is in its infancy, and there are many new entrants into (and departures from) this space on an ongoing basis. The space will likely consolidate over time into a smaller set of industry leaders.

Top Five Mobile-Device Security Protections

Whether you form a mobile-device security plan before or after your organization distributes the devices, you need to know the most important security protections to implement:

  • A well-defined mobile device security policy

  • A mobile device management (MDM) solution that enables you to control the configuration of employee devices to ensure that they are in compliance with your policies

  • Protection against malware and other threats to mobile devices via an endpoint security solution

  • Protection of data in transit via a VPN (IPSec VPN or SSL VPN) that supports the mobile devices in your enterprise

  • A strong authentication solution rather than static usernames and passwords