This post was published 2 years 3 months 23 days ago which may make its actuality or expire date not be valid anymore. This site is not responsible for any misunderstanding.

It is necessary and possible to secure mobile devices, regardless the legal ownership

Jaap van Ekris from  Modern Nomads has a terrific article up on easy and effective securing of Windows Mobile devices.  There is no question that “Shutting out mobile devices is counterproductive if you want to stay in control” and part of the solution is to setup a solid company security policy that users will be able to apply easily.  In part, Jaap said:

PDAs, and especially smartphones, are very popular devices. Sadly many IT departments still ignore Windows Mobile devices. The devices live in the gray area where they do interact with the business systems (like Exchange and Sharepoint), but are not secured according to company policy. This results in an unmanaged risk in the infrastructure: the devices do contain business information but no demands are posed upon them to make them secure. We identify the risks that are introduced and show you that these risks are in fact unnecessary because you can do reduce the risks without adding costs or overhead. In this article we show how you can achieve a reasonable level of security that has minimal impact on user experience and budget.

This article is written based on a series of presentations for IT managers from both small and big companies as well as several articles I’ve written for information security magazines. What amazed me is the lack of attention for the devices that are bought by employees themselves. Companies are extremely restrictive on the mobile solution they buy themselves: most of the IT managers I spoke rejected any proposal to do so. To them, that was the end of the mobile discussion. To me it wasn’t: it proved to me that they were ignorant about the devices that entered through the backdoor, by taking this position the problem got worse instead of better. The discussions that followed provided great insight on both sides, and I want to share the things we learned together.

Major point in this article is that it is necessary for ICT departments to take measures to secure mobile devices, regardless who is the owner of the physical device, and that measures are relatively easy to take and that users should not be hindered too much by it. Many companies have developed a blind spot for mobile devices in general, especially the ones that are taken along by employees themselves. Companies are in fact taking counterproductive measures to protect their interest: most companies only allow the desktop sync with these devices, which makes these devices unseen and uncontrollable even if they are completely filled with company information. To stop this, companies do have to grasp any means possible to gain control over these devices: it requires guerrilla tactics to find uncontrolled devices in your infrastructure and convert them into well protected containers of information.

You can read the entire article on Easy and effective securing Windows Mobile devices here at Modern Nomads

Jack Cook (2689 Posts) - Website | Twitter | Facebook