Do You Have a Platform-specific Smartphone Security Policy?

Sue Marquette Poremba
Slide Show

Smartphone Security: Alarming Complacency Among Mobile Users

Most consumers are unaware of the security risks associated with their smartphones.

I know that for years BlackBerry was the smartphone of choice for enterprise use, and with good reason: It is the most secure. But the increased personal use of devices using Android and iOS platforms are also making their way into corporate America. As more than one security expert said to me: When the executives come in and say they like to use a particular device, it is time for the IT staff and the security staff to prepare to add new technology to their repertoire.


Android, as you probably know, has jumped to the front of the pack as the smartphone platform of choice, and with it comes the increase in malware and attacks on Android vulnerabilities. Concerns of iOS security are also on the rise.


If you've read my blog long enough, you know that I am a strong proponent of having a good and effective security policy - not just for the office, but for home and personal use, too, since the lines between work and home have blurred. And that's why I loved a column by Eric B. Parizo at SearchSecurity.com. He is promoting the idea of businesses coming up with a specific security policy for Android devices. The recent McAfee report showed the need for taking Android security seriously, and since there are issues that surround Android that aren't usually a problem for other platforms (particularly the vetting process involved in the various app markets), having a policy in place that specifically focuses on the issues surrounding Android security and use makes a lot of sense.


Now, Parizo does mention that an Android security policy could also serve as a general security policy for mobile devices, and I agree with him up to a point. I absolutely buy into the idea of having a specific Android policy. But I also think there need to be similar policies for other platforms - or at the very least, the risks involved with individual platforms need to be spelled out. We all know people who use particular devices and shrug off the need for any security measures. Sometimes you need to explain that if you do X with your smartphone, you've put it at risk for Y and Z happening.


Why a specific security policy for smartphones or mobile devices? Because a surprising number of people are ignorant about how their phone works and what can happen to it if you aren't taking precautions. Even little, easy steps like password-protecting the phone, are ignored. One of my friends commented about how my phone "makes" me type in a password before I can use it, while hers just locks and all she has to do is swipe it to open. She assumed that kept her phone secure and the differences between our phone "security" had to do with the platform.


Providing both generic and individual policies should help both the business and the individual user in the long run. Of course, the next trick is implementing and enforcing the policy, but that's a post for another day.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Aug 30, 2011 2:04 PM Spencer Parkinson Spencer Parkinson  says:

As a Symantec employee focused on mobile security and management, I completely agree that organizations-and individual users for that matter-need to have policies in place to address the unique security risks that come with modern 'smart' mobile devices, or in the case of users at least an understanding of the risks and a how to mitigate them. The unfortunate truth, however, is that many organizations just aren't educating their users. In a recent survey of business smartphone end-users we conducted, 'only 51 percent said their employer had communicated policies and/or best practices to them regarding the security of their smartphones.' If anyone is interested in the full survey results, they can be found here: http://bit.ly/qLhPtP.

Spencer Parkinson



Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.