ras-slava - Fotolia
“When tackling mobile security, businesses need to aim to make it simple and empowering,” Ian Evans, managing director of AirWatch told attendees of Infosecurity Europe 2014 in London.
The easier it is to use mobile devices in a secure way, he said, the less likely the risk of employees finding workarounds to circumvent the policies and procedures approved by the company.
“All processes, such as the procurement, enrolment and management of devices, should be as simple and easy as possible,” he said.
By enabling users to manage devices themselves, organisations can reduce the pressure IT administrators and encourage user responsibility for how the device is used.
But an important part of empowerment is education, said Evans, which includes ensuring employees are aware of security threats and potentially risky behaviour.
Instead of attempting to support every mobile operating system, for example, Evans said organisations should choose up to six of the most popular, and standardise on supporting only those.
More on mobile device management
Next, organisations should evaluate which devices and applications are necessary to support the business and then look at ways of enabling just those in a secure way.
To avoid privacy concerns, Evan said location data, non-business applications and telecommunications data should all be kept private.
One security and privacy option, said Evans, is to do everything work-related in a container that is isolated from the operating system and personal data.
“This makes it easier to control and secure work-related data and applications, and enables businesses to wipe all business-related data without affecting anything else on the device,” he said.
When it comes to cost controls, Evans said it is important to make it as easy as possible for employees to manage costs themselves through providing relevant data plans and limit alerts.
Organisations need to recognise that mobile data access is not for everyone, he said. The sensitivity of data or the size of typical files in the industry, for example, could make it impractical.
Read more about Infosec Europe 2014
- Infosec 2014: Act now, but no new EU data protection law before 2017, says ICO
- US tech dominance Europe's fault, says Mikko Hypponen
- Datacentre security key to cloud security, says Google
- Threat knowledge is key to cyber security, say experts
- Cyber safety will take joint effort, says top EU cyber cop
- UK data breaches slightly down but cost way up, report shows
- Firms moving to cloud despite security fears, study shows