Securing the Enterprise Against Smartphones
The recent launch of Verizon's iPhone brings another influx of users into the smartphone era, where the devices are on the verge of outnumbering PCs for the mobile workforce.
Many of these new iPhone users will be bringing their phones into the business environment. A recent survey indicated that more than half of small business smartphone users rely on the iPhone to check email and schedules, and-one would assume-to consume media.
For the enterprise IT department, though, after spending much of its time locking down security around just laptops and desktops and one or two basic phones, the emergence of new smartphone options can be cause for concern.
Gone are the days of protecting against malware, intrusion attempts, or even disgruntled employees on a limited set of devices, such as Windows desktops and laptops or Blackberry mobile phones. IT departments are scrambling to either block the new smartphones and tablets from their networks or to figure out how to work with them.
At this week's RSA Conference in San Francisco, this issue is front and center with many IT departments, as the trend is away from PCs and toward mobile devices. Along the way, some of the technology providers in the space are taking a cue from the media content and controlled-access media market technologies that have been around for several years.
Several vendors I spoke with offer services to remotely disable content, in much the same way as online video content can be disabled after a set period of time or if it is offline too long and doesn't check in with the verification server.
In the instance of remote data removal, the issue is to remove both company data and company-acquired applications that might reside on the employee's personal device, should the device be lost or the employee's position be terminated.
Several of the companies brought up the liability impact of employees bringing their smartphones to work-and working from their smartphones wherever they happen to be at the moment.
"There's a challenge in securing multi-platform, and now multi-device, environments," said Ahmed Datoo, chief marketing officer for Zenprise. "As employees shift their computing tasks from desktops to smartphones and tablets, what is the impact that these devices have on securing and supporting the mobile infrastructure, and what IT leaders should be doing about it?"
Zenprise offers mobile device management and security software, and the company emphasizes a series of best practices to address the new reality of multi-platform access to enterprise content. The company's MobileManager platform is now at version 6.0, and this new release is geared toward dynamic protection of business-critical applications and data anywhere in the mobile environment.
"We work with our customers, such as Vodafone and Delta, to proactively prevent, address and remediate information security breaches," said Datoo, "at the device, network and application levels."
The multi-level approach is also shared by Mobile Active Defense (MAD), which hosted the 2011 Mobile Security Symposium at the RSA conference along with AT&T, Symantec, and several other companies.
"We hosted this conference to address a few critical elements in mobile device security," said Winn Schwartau, MAD's chairman "including geo-location-based firewall and content filtering for mobile devices."
The concept of geo-location-based firewalls and content filtering is a new twist in the world of enterprise mobile devices, allowing for multiple firewalls on a per-device, per-location basis. MAD's technology recently won a 2011 Best Practices Award from Frost and Sullivan for product innovation in the North American market.
In an article on last year's RSA conference, we discussed the growing use of two-factor authentication in enterprise security. The first is through the use of a multi-factor authentication solution. This type of solution has been popularized for federal agencies, financial services and healthcare companies, each of whom need to provide customer portal access to sensitive personal materials such as Social Security benefits, bank statements and patient health records.
Yet there's also a place in media content filtering and controlled access for two-factor authentication, as company-generated internal video clips often don't have the same level of protection available to more popular file formats such as DOC, PDF or XLS. To bring media clip security into line with other formats requires a more robust trusted computing model and integrated location-aware content filtering, both of which we'll explore in a future article.
This year the emphasis on mobile device security includes two-factor and trusted computing models, to allow a device's owner access to enterprise data, but the concept of remote data wiping for any mobile device is also gaining marked interest.
Remote data wipes on mobile devices aren't new, as the Blackberry has had this enterprise-specific feature for years. Yet the advent of remote data wipes on the iPhone and iPads-both of which are gaining in popularity for enterprise use-brought greater public awareness of the capability to the general public.
In fact, even a consumer iPhone owner can invoke a remote data wipe of a phone that's been misplaced or stolen, knowing that he can later restore the device's content from the most recent iTunes-based backup.
The dual trends toward two-factor authentication and remote data wipes are coupled tightly to a third concept called "sandboxing" that puts mobile devices into a separate area of an enterprise network.
The sandboxing trend will probably continue for a number of years, as IT departments address the uncertainty around virus protection, changes to virtual private network (VPN) schemes and a number of other changes going on in today's enterprise.
Zenprise and other companies exhibiting at RSA are banking on this trend. In July, the company announced it had closed a $9 million funding round, and revenues are up 175 percent year over year. Zenprise also recently acquired Sparus Software, a French mobile management company, to expand its European operations.
Adobe's Flash Access DRM solution is coming to Android tablets and other mobile platforms later this year