Most companies now have smartphones, if not as standard, for a select group of key employees. These devices are now capable of calculating numbers in spreadsheets, email and storage of commercially sensitive documents. As workforces become ever more reliant on remote working so the problems of keeping sensitive data secure grow. The best way to protect this data is through smartphone encryption and, similar to laptop encryption, this can range from built-in OS features to full-suite enterprise management tools and third-party software.
While at the moment, the amount of encryption providers is small for the mobile market, this is growing at a rapid pace in line with the general growth in mobile use – writes Dave Shackland for TechTarget.com. An organization needs to consider several factors when choosing any security solution for their smartphone users.
Cost: This can be a significant factor as there are currently few built-in, or inexpensive, options aimed at commercial users. Companies should budget accordingly to get the centralized management and policy capabilities an organization needs. Platform support: While most companies have standardized equipment, certain users or companies utilizing a BYOD policy may have different devices (and OS’s) to content with. A product that covers multiple platforms would be preferable in these cases.
Policy focus: Every organization will have unique needs regarding security. Some will need to prioritize strong authentication and passwords while yet others will have a greater need for remote data-wiping for example. Determining priorities and needs beforehand will help with the right decision.
Central management: For enterprises, the ability to centrally manage policies is essential when numerous devices need tracking, logging and reporting – all of which may be required for compliance issues.
While built-in encryption varies between mobiles (Microsoft and Blackberry providing the most robust), this is often limited and most smartphone technology in this regard will be in the form of third-party software. Even then, many options are aimed at individual users, negating much of the usefulness of having central control and ceding user setting to the individual.
This will narrow the field of choice substantially and the first thing any company should do when evaluating the remaining options is to ascertain what their needs really are. In all instances though, and even once the above has been taken into account, companies should ensure that “strong, trusted encryption is possible (such as AES 128-bit or greater), centralized management and policy control is available, and that the data can be wiped if the smartphone is lost or stolen.” This will greatly help to narrow the options and ensure the right software package is chosen.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”