Smartphones have completely wriggled their way into our lives, both business and personal. Pity the CIO who forgets about these powerful and popular tools when it comes to securing and managing his network. For some, smartphones and
Focus on two key areas for mobile device management:
- Deployment or the management of updates and other changes to mobile devices.
- Security or the ability to ensure that mobile devices are secure at all times.
Deploying changes to mobile devices
If you're using mobile devices in your network, chances are good that you're using Research in Motion Inc. BlackBerrys, Apple Inc. iPhones, Android devices or Microsoft’s Windows mobile phones. If you're lucky, you'll have only a single type of device in play -- in most cases, however, organizations need to manage several different devices at the same time, using a variety of tools.
Research in Motion has the most experience in with multiple device management. Its BlackBerry Enterprise Server (BES) allows you to manage your inventory in a single administration console and easily deploy BlackBerry OS updates to all your devices while monitoring the update installation process from your desk. BES has been around for a while: In fact, when a modification to the Daylight Saving Time (DST) was made in 2007, BlackBerry administrators didn’t have to deal with the hour-change nightmare -- they simply deployed the DST patch through the BES server, and all their mobile devices were updated. If you manage BlackBerry devices, BES is your best bet.
For iPhone users, iTunes is still required to deploy software updates to your mobile devices. If you have several iPhone devices in your company, think of placing your iTunes deployment strategy on workstations to ensure that your iPhones are up to date. Other phones use a variety of both local and remote update services. Basically, if you manage more than one smartphone type, you will need to manage multiple updates or change deployment strategies.
Securing mobile devices
When it comes to security, it’s vital that you have control over your users' remote devices. For BlackBerrys, the BlackBerry Enterprise Server will again allow you to control security policies. For almost all other devices, Exchange ActiveSync Policies (EAP) is your game plan. EAPs have become a standard -- iPhones, Android devices and Microsoft smartphones all rely on these policies to control their devices to some degree. While EAPs were originally designed to control Windows Mobile devices exclusively, they have evolved to provide a standardized means of control of any smartphone. Whether you use BlackBerrys or other smartphones, you’ll be able to control the following security characteristics:
- Password and data security: Deploy a strong password policy across your mobile device inventory. Also, force all mobile devices to lock after a certain time of inactivity while requiring a complex alphanumeric password to unlock the device. You need the ability to wipe out mobile devices remotely, in case users lose their phones. This will prevent potential confidential information breaches if the phones fall into the wrong hands and will also protect the owner’s identity.
- Encryption: Most devices come with strong encryption encoding that cannot be disabled. For example, the iPhone iOS4 uses Advanced Encryption Standard 256-bit encoding -- other phones use similar levels. Make sure that every device in your stable is locked up with a strong encryption policy to protect data or any confidential settings when the device is locked.
- Application security: By connecting mobile devices to EAPs or to a BES server (remember, EAPs are not supported by BlackBerrys), you can control accessibility and application settings. For example, you can allow or deny the use of removable storage on mobile devices that support it. You can also make sure that only signed applications can be installed on the devices, reducing service calls and future troubleshooting.
- Mobile IT security policy strategy: Define a strong and simple security policy for your mobile devices. It’s easy to get carried away with IT security policies, but if you make them too complex, it's more pain than gain.
- Employee awareness: Since almost everyone has a mobile device these days, educate your users on the potential security risks. For example, implement a company policy that requires employees to inform you if they have lost their phones.
Basically, you need to manage mobile devices just as much as you need to manage workstations, by supporting the deployment of changes as well as the security of the device and implementing a remote device policy. Ignoring mobile devices in your security policies may end up introducing a weak link in your network. Nobody needs a weak network. Do your homework and prepare for the worst ahead of time.
Danielle Ruest and Nelson Ruest are IT experts focused on virtualization, continuous service availability and infrastructure optimization. They are authors of multiple books, including Virtualization: A Beginner’s Guide for McGraw-Hill Osborne, as well as the MCTS Self-Paced Training Kit (Exam 70-652): Configuring Windows Server Virtualization with Hyper-V for Microsoft Press. Marie-Andree Furlong is change management coordinator and technical writer with BC Ferries, the world’s largest ferry fleet. Contact the writers at email@example.com.
This was first published in April 2011