According to a recent draft of mobile security guidance from the National Institute of Standards and Technology (NIST), businesses should seriously consider the deployment of software that can provide centralized management for mobile devices. This recommendation appears in "Guidelines for Managing and Securing Mobile Devices in the Enterprise," also known as Revision 1 of NIST Special Publication 800-124. The draft guidance goes beyond a mere recommendation of such IT solutions; it also provides detailed suggestions that SMBs can use to help them select a centralized management program for mobile devices, as well as guidance with regard to installing and using such a system.
According to Karen Scarfone, who co-authored the report, the very things that make mobile devices advantageous for workers are the same things that can cause IT security headaches. "Mobile devices need to support multiple security objectives: confidentiality, integrity and availability, so they need to be secured against a variety of threats," commented Scarfone.
Among the concerns that surround mobile devices is the likelihood of theft or loss, which can mean unauthorized persons gain access to the contents of the device. While one solution to this is certainly mobile encryption, NIST's recommendation of a central management system is also highly salient. With a central program able to reach out and control mobile devices, ‘remote wipe’ becomes feasible. This is often a last resort, but it is an important option to have on hand should a phone or tablet go missing, even when its contents are encrypted.
Central management also provides an important way to keep phones safe from apps containing malicious code. Employees may believe that a given app improves their productivity, and in some cases they may even have downloaded games or other entertainment apps, particularly when the device in question is their own personal property. Some apps, however, present definite concerns for IT personnel, as they can have a back door that would allow a hacker remote access to the data stored on the device.
The NIST guidelines have been brought up to date with the technology in common use in a business environment today. Because IT security for laptops is a distinct issue with its own IT solutions, this revision focuses heavily on tablets and smartphones. The simpler "regular phone" is also not covered because it generally presents a much lower level of vulnerability.