Employee mobile device + work = potential security problem

Employee: “I lost my iPad.”

Corporate security: “Why are you telling me?”

“I had company documents on it.”

“But you had the mobile security package installed, right?”

“Err, no.”

“I would have thought the company president would have known better …”


With the BYOD, or Bring Your Own Device to work, movement rapidly picking up steam, more and more employees are taking their smartphones and tablets to the office. This can be a boon to the CIO’s office if it no longer needs to foot the bill for those fancy new devices, but opens up all sorts of security problems.

The great thing about the current generation of phones and tablets is that they are so usable. Even forgetting apps, having mobile browser access wherever you are gives you access to information and processes that can help you do your work more efficiently and in a more time sensitive way.

Of course, being so convenient and light, it is also easy to lose them. This is why you can’t just tell your people to use their phones for work. You need to manage the access and resources they have, and be able to shut it down or delete them if the case arises. This could because because of a lost or stolen phone, but also because the employee should no longer be able to get to company data. There are levels of security access and people who are former employees should have no access at all.

All of this is on top of the security problems we already recognize and handle on laptops, such as phishing, viruses, and data loss protection.

And now a word from my sponsor …

IBM is today announcing the Hosted Mobile Device Security Management service. Capabilities in the new mobile security service include:

  • Configuring employee devices to comply with security policies and actively monitoring to help ensure compliance over time
  • Securing data in the event that a device is lost or stolen
  • Helping to find a lost or stolen device – wherever it is
  • Protecting against spyware and viruses
  • Detecting and removing malicious and unapproved applications
  • Monitoring and tracking user activity
  • Enabling more secure connectivity

And now back to me …

Seriously, this is a big but I believe containable problem if you take the necessary steps to understand the security exposures of employee devices in the enterprise and take steps now to provide the necessary security. Many people are familiar with the security and management capabilities of RIM and Blackberries, and they are now asking for the same level of comfort for iPhones, iPads, and Android devices.

If you don’t have a security policy in place for mobile devices in your company, you should start putting one together and implementing it now. Think about how many devices will need to be supported, what kinds, to what they will need access in terms of processes and data, and what you need to do when something goes wrong.

An employee need to understand that if he or she wants to use that cool new tablet for company work then he or she will need to live by the rules and policies set down to protect the organization’s assets. There’s a spectrum of possibilities between “you can’t use your own to device” to “you can do whatever you want.”

As an industry we’re trying to help companies move from the first situation to something in the balanced middle that provides the right level of security while maintaining the convenience, usability, and power of the devices.

Also see:

Comments are closed