ras-slava - Fotolia

Infosec 2014: Enablement key to mobile security, says AirWatch

Businesses should approach mobility in terms of enablement, says AirWatch

As the world approaches 1.3 billion mobile devices, businesses should approach adoption in terms of enablement, says VMware’s mobile device management firm, AirWatch.

“When tackling mobile security, businesses need to aim to make it simple and empowering,” Ian Evans, managing director of AirWatch told attendees of Infosecurity Europe 2014 in London.

The easier it is to use mobile devices in a secure way, he said, the less likely the risk of employees finding workarounds to circumvent the policies and procedures approved by the company.

“All processes, such as the procurement, enrolment and management of devices, should be as simple and easy as possible,” he said.

By enabling users to manage devices themselves, organisations can reduce the pressure IT administrators and encourage user responsibility for how the device is used.

But an important part of empowerment is education, said Evans, which includes ensuring employees are aware of security threats and potentially risky behaviour.

Instead of attempting to support every mobile operating system, for example, Evans said organisations should choose up to six of the most popular, and standardise on supporting only those.

More on mobile device management

Next, organisations should evaluate which devices and applications are necessary to support the business and then look at ways of enabling just those in a secure way.

AirWatch recommends a multi-layer approach to security, setting a terms of use policy that users must accept, and setting user policies based on business roles.

To avoid privacy concerns, Evan said location data, non-business applications and telecommunications data should all be kept private.

One security and privacy option, said Evans, is to do everything work-related in a container that is isolated from the operating system and personal data.

“This makes it easier to control and secure work-related data and applications, and enables businesses to wipe all business-related data without affecting anything else on the device,” he said.

When it comes to cost controls, Evans said it is important to make it as easy as possible for employees to manage costs themselves through providing relevant data plans and limit alerts.

Organisations need to recognise that mobile data access is not for everyone, he said. The sensitivity of data or the size of typical files in the industry, for example, could make it impractical.

Read more about Infosec Europe 2014


Read more on Endpoint security