Making sure that lost iPhone doesn't get you burned
- — 11 July, 2008 11:46
If you haven't implemented a mobile device policy, now is the time to start, according to an Info-Tech Research Group analyst.
With established devices such as RIM's BlackBerry already in rotation at most companies, and new handhelds like the Apple iPhone and Samsung Instinct on the way, IT departments must ensure employees using mobile devices are doing so in a safe and secure manner.
Mark Tauschek, senior research analyst at the Canada-based Info-Tech, said a well balanced acceptable use policy - with a strong focus on mobile device security - is essential to every major organization.
"Security is probably the most important aspect of the policy because if a mobile device is stolen, it's not just about the device, it's about the data that's on it and the cost for the company to recoup that data," Tauschek said. "You want to make sure that if a device is lost or stolen, it basically becomes a paperweight to whoever gets it."
Some of the guidelines to consider, according to Tauschek, include ensuring all mobile devices are registered with IT, making sure data protected is by strong passwords, and that IT provides centrally managed encryption for the mobile devices. He also recommended that end users who wish to connect their devices to enterprise systems through non-corporate networks employ a company-approved firewall.
Tauschek said IT departments would be wise to consider investing in technologies that can help them enforce these guidelines.
"One thing to consider is wireless intrusion protection and prevention systems that now have branded out into mobile devices," he said. "This will prevent users from connecting to unapproved networks. So, maybe you're employees won't be able to connect to that unencrypted Wi-Fi connection at their local coffee shop hotspot."
Besides security, Tauschek said, CIOs and IT managers will also have to consider the costs and usage of mobile devices and balance these issues to effectively managing their mobile fleets.
"You need to work out who pays for it, whether you have a component in the policy that allows your employees to use it for personal use, and if you plan to put a cap on how much they can spent for their voice and data plans," Tauschek said.
Clearly outlining the repercussions an employee will face for violating the policy is also important, he said.
Tauschek's acceptable use tips come on the heels of the impending iPhone 3G phone launch, which promises to bring enhanced security features over the previous model - including a feature that will enable the device to be connected more securely into corporate networks. But, according to one Gartner Inc. analyst, that doesn't mean the 3G should immediately be given the same kind of broad access to internal applications that PCs typically enjoy.