First there were sewing-machine sized portable PCs, then laptops, the Newton, the Palm Pilot, and phones with built-in PDA functions. The iPhone led the way to the ubiquitous smartphone, and the iPad ushered in an era of tablets. Now wireless hotspots, printers, storage, and a variety of other devices are making their way onto your office network, possibly without the knowledge of managers.
These devices have the potential to compromise security, whether by introducing malware onto other devices on your network, or transporting company data outside the network. Fortunately, antivirus and encryption apps are available for all the major smartphone and tablet platforms, and most allow remote management.
1. Create formal policies for mobile devices
You can’t ask users to abide by a security policy if you don’t have one. It doesn’t have to be a long document that covers every possible contingency. A brief statement about protecting corporate assets will not only be easier to understand and remember, but easier to get buy-in on from users. Make clear that the rules aren’t simply to make users’ lives harder, but to protect the organization.
2. Create your own App Store
Create a list of the recommended or required applications–such as encryption software, an anti-virus client, and VPN software–for each mobile device or platform you’ll be supporting. You can create an internal Web site with links to the appropriate download sites. Help the users understand the easiest way to install and use these applications.
3. Control wireless access
Most wireless access points allow you to set up two or more networks, a trusted network for authorized devices, and a quest network for all others. You can maintain a list of authorized devices, and all others will only be able to connect to a guest network that gives Internet access but not access to the company network.
To ensure that devices can’t circumvent security while connected to a PC or other device, you can run a management server that can control access to USB ports, lock down synchronization applications such as ActiveSync or iTunes, and control which files can be transferred to a mobile device or portable storage.
4. Consider Network Access Control
Network Access Control (NAC) systems monitor the network and check any device that tries to connect for specific parameters, such as an up-to-date anti-virus client, patch levels, particular applications such as encryption or VPN apps, and settings such as ensuring that passwords are properly complex. NAC systems help secure the network by ensuring that devices that are insecure or may have malware loaded, or that don’t properly encrypt data, cannot connect to the network.
5. Create a policy server
Each of the major operating systems, such as Android and iOS, can be used with a policy and management server such as System Centre Configuration Manager or SELinux Policy Server. These servers allow you to access mobile devices remotely, wipe them if they are stolen, install necessary applications anti-virus clients, load patches to the OS or applications, and ensure that any data copied to the device is properly encrypted.