The Principles of Secure Mobile Computing
The world has never had easier access to information than it does today. Increasingly, that information resides in the palm of our hands, away from the office and out on the road. This new world of mobile computing is enabling unprecedented communication and productivity, but it can also pose threats to our business and personal information.
Let’s put this in context. In 2012, there were 6 billion mobile subscribers—that’s roughly 87 percent of the world’s population, according to a recent UN Telecom Agency report. In the midst of this explosion, mobile is getting smart: Smartphone sales accounted for about 40 percent of total mobile phone sales last year, and industry analysts such as Forrester Research predict tablet sales will surpass PC sales by 2016.
Enjoying the freedom and flexibility that come with mobile computing requires comprehensive safeguards to manage the mobile environment and avoid placing corporate infrastructure and data at risk. By their very nature, mobile devices have a greater propensity to be lost or stolen and have become big targets for hackers, malicious apps, and other threatening content. It is critical that companies remain vigilant in securing connectivity and guarding against the growing list of threats.
The following are some principles of secure mobile computing that can help companies navigate this new territory:
Gain visibility and control: Mobile devices will increasingly be used by employees for business, so put in place the infrastructure to track these assets and their corporate interaction, but evolve policies to balance oversight with privacy (especially for personal devices) in a manner appropriate for your organization and industry. This includes endpoint management and securing applications with strong access controls. At IBM, we don’t allow employees to use voice-activated digital assistants, such as Siri, when sharing confidential or sensitive data.
Design security into the mobile solutions: Analyze the data and apps that are important for your employees to be productive. Institute processes to access these apps and data securely and to ensure that the security of the apps remains high.
Formulate a phased plan of deployment: Unmanaged mobile adoption for an enterprise can expose the organization to significant risk, so institute a transparent, phased plan that will satisfy early adopters without the organization being overwhelmed before comprehensive security practices can be put in place. Also, plan to offer employees security awareness training on sensitive communications or cloud-based storage of confidential data.
Manage costs: Mobile promises significant business value, but there can be many hidden costs in supporting the infrastructure and controls necessary to realize that potential. Evaluate tools and systems that enable your organization to reduce administrative expenses, streamline policy management, and have a unified view across devices, apps, and users.
Keeping your network and the devices that connect to it secure is a dynamic challenge, and your approach must be designed to stay ahead of quickly evolving threats. Organizations can tap into the benefits of mobile computing, including greater productivity, improved response times, and increased customer and employee satisfaction, but they need to develop a realistic strategy that is carefully planned and executed.