Mobile device variety creating IT security challenges

Wednesday 12 December 2012

Mobile working

Businesses are experiencing difficulties securing some of the mobile devices used by employees in the workplace, it has been suggested.

According to IT analyst Gartner, user freedom of choice of device and the proliferation of handsets with inadequate security make it difficult to guarantee security, keep track of vulnerabilities and ensure updates are made.

"Allowing users, rather than the IT department, to select operating systems and versions of mobile devices opens the door to devices that are inadequate from a security standpoint," the firm said.

"An essential security baseline should require enhanced password controls, lock timeout period enforcement, lock device after password retry limit, data encryption, remote lock and/or wipe."

Gartner claimed the enterprise mobility baseline must also express minimum requirements on hardware - as operating system versions will not be sufficient.

"In alignment with the mobile security policy, network access control policies should be used," the firm added.

An example of this would be to deny access to enterprise resources such as email and apps from devices that cannot support the security baseline.

Preventive action should be taken to ban non-compliant devices or create an alert for them by using tools such as mobile device management software, the analyst added.

"Nevertheless, excessively limiting the types of allowed devices eliminates the benefits of bring your own device for users," Gartner said.

"There should be no compromise of security for the sake of device variety, but where it is possible to manage and secure a new device model, it should be done."

The firm said the policies that are enforced will depend on the risk appetite of the organisation and the sensitivity of data allowed to reside on the device.

Posted by Alex Boardman