Subscribe
About

Take control of mobile devices

Mobility can be maximised as a business platform without compromising corporate data security.
By J"org Fischer
Johannesburg, 21 Nov 2007

Mobile devices such as laptops, PDAs, cellphones, flash drives and memory sticks have become an absolutely integral part of modern day life. However, from a company point of view, there is an urgent need to monitor and control the use of these devices within and outside of work premises.

While mobility is great and very much part of our ongoing need to have instant and efficient access to information and data, it brings with it a number of security issues that cannot be overlooked in this era of hacking, phishing, viruses, white-collar crime and economic sabotage.

In a catch-22 way, mobility brings with it lots of plusses and lots of additional risks at the same time. Essentially, information has become portable and can much more easily find its way into the wrong hands.

As a result, many companies of varying sizes and from various industries are implementing policies to oversee the use of mobile devices by their employees.

Mobile risks

The main risks for companies include the following:

* Loss due to theft - mobiles devices are vulnerable to theft.
* Loss due to negligence - this may be intentional or unintentional.
* Computer network or software failure - mobile devices are vulnerable to hacking or other forms of attack.
* Competitor espionage - this can takes many forms when mobile devices are outside of company premises.

At the Standard Bank group, a mobility framework project has been launched to protect the organisation`s mobile devices and its valuable information.

Among other things, this requires all staff using mobile devices to register their equipment and gain approval to use them at the bank. Those who don`t register can`t link up to the network, copy data to or from hard drives, or retrieve or send business e-mails via their cellphones.

Naturally, the bank has done this to protect its own intellectual property as well as confidential and strategic data.

Importantly, it also means it has control over authorised remote access, commission and authorises new devices and decommissions those that are no longer used by bank employees. Authentication and encryption methods are also used to protect information if a mobile device goes missing or gets stolen.

The bottom line for Standard Bank and for any company is to maximise the effectiveness of mobility as a business platform without compromising corporate data security.

This issue cannot be taken lightly as once it is connected, a mobile device can be used to access a corporate network in the same way as any desktop PC, sharing the same security risks as any other device connected to a network.

In a catch-22 way, mobility brings with it lots of plusses and lots of additional risks at the same time.

J"org Fischer is CIO of group IT at Standard Bank.

Although many companies pay significant attention to controlling laptops, storage devices such as flash drives and memory sticks should not be overlooked. They can carry large amount of data - currently up to 64GB or 10 CDs - are rewritable and can easily be lost as they are so small.

To summarise, mobile devices have become an essential part of our corporate network and of other corporate networks all over the country and all over the world. By putting in place a framework to encompass commissioning and decommissioning of these devices, the best of both worlds can be achieved, including:

* Preventing users from anonymously accessing company infrastructure and systems.
* Commissioning new devices.
* Having a terms of use agreement for the use of mobile devices.
* Applying the necessary security and management tools to security devices.
* Registering and tracking the use of mobile devices on and off company premises.
* De-registering devices when they are no longer in use.
* Having a centralised contact point to handle problems encountered by users of mobile devices.

There is indeed a bright and growing future for mobiles devices in the corporate environment, as long as careful attention is paid to security and access issues on a consistent basis.

* J"org Fischer is CIO of group IT at Standard Bank.

Share