Let’s face it: IT administrators in America’s top corporations have their hands full protecting company information in a world gone mobile. Smartphones, and the smart employees who use them, can often circumvent security procedures, forwarding confidential memos or attachments to other phones or alternate email accounts without consideration for the vulnerability of that information.
Rather than limit access to information, today’s IT departments are finding new ways to safeguard the behaviors of their mobile work force — regardless of the devices they choose — and prevent data loss or leakage across their networks. Here are seven habits Good Technology, Inc. has identified for how they do it.
Click through for seven security habits of highly effective mobile admins, as identified by Good Technology, Inc.
Successful IT departments seek mobile device management solutions that allow them to enforce password policies, disable sequential numbers in passwords, or specify password timeouts. Many institute a remote wipe of specific applications and their data — or wipe of the entire device — after a failed number of incorrect passwords has been entered.
Slide 6
IT administrators must be allowed to set and manage security policies at the application level, as well as at the device level. For example, implementing complex password policies at the application level provides a less-intrusive user experience while ensuring corporate security. Device-level encryption cannot address risky behavior that occurs within applications themselves — when users inadvertently share corporate data through third-party apps and cloud services. Even when phones are provisioned through an MDM solution, administrators simply have no control of security at the app level. By providing security and control at both app and device levels, IT can further reduce the risk of data loss.
Diligent administrators insist on the strongest encryption and enforce the toughest authentication policies — over the air. Because not all mobile devices support encryption, email and attachments stored on the device can easily be viewed by anyone. Security-conscious IT professionals ensure that all data gets strong AES 192-bit encryption — even data that’s in transit between a device and servers behind your firewall. All information is secured throughout a complete end-to-end system.
When an IT administrator wipes a user’s device, the user often feels wiped out too. By eliminating corporate data from a device, an employee may lose their personal contacts, favorite apps, preference settings — and a sense of privacy. But IT administrators who use app-level protection can selectively wipe corporate data while leaving personal data intact. This type of protection also prevents enterprise data from being accessed by third-party apps or intermingled with personal data. From inside “contained” applications, employees are free to collaborate with other employees, send attachments or edit documents — without behaving in an unsafe manner.
If employees are using a consumer app (like a PDF reader) to open and view company documents, those files are not completely secure. They can be synced to cloud-based storage and potentially leaked. To prevent such breaches, IT must implement restrictions only found in solutions that “containerize” data inside corporate applications.
When a mobile device becomes misplaced, lost or stolen, the most secure companies act swiftly to eliminate risk of lost data. Through the use of Web-based controls, administrators use any nearby browser to access a universal dashboard to instantly view and manage all mobile devices in their work force — from virtually anywhere, anytime — and remotely wipe information from within apps or across the entire device.
The safest IT departments start with a secure platform — with strong controls that include enforcing policies at the app level, and preventing jailbroken or rooted devices from connecting to the network. In addition, access to the network is provided through a secure NOC that only services encrypted packets and doesn’t require firewall holes.
