The CIO struggle for smartphone security

Apple's iPhone may not have many direct business applications yet but the fuss around its launch should make you re-examine your security structure to see if it genuinely robust enough to cope with smartphones


At times over the last couple of years it has felt that all we have heard about is security. The fact remains, however, that in the current business climate it is imperative that companies have a pervasive security strategy across the corporate network; otherwise they risk all kinds of threats from hackers and viruses, to denial of service attacks.

Indeed, many of these issues have been addressed and you would be hard pushed now to find any business without at least anti-virus software, if not a full firewall. So why are we still talking about it? Well the fact is, new threats are appearing all the time.

The trend for working with smartphones as well as fixed PCs has been growing steadily over the past few years, with increased importance being placed on flexible working practices and more executives travelling around the globe. In fact recent research from Canalys has shown that 64 million smartphones were shipped worldwide in 2006, with some analysts projecting that as many as 100 million will ship in 2007.

By comparison, 78 million laptops shipped in 2006. Yet CIOs are failing to take these mobile devices into account in terms of their security strategy. While most companies recognise the importance of central IT security and are implementing core strategies, it is surprising how many people stop short at security within the four walls of company building.

What happens when they are victim of that terrible human flaw, forgetfulness? Let’s face facts, all the good intentions in the world mean nothing if an executive simply leaves their smartphone on the train, not to forget the all too real possibility of theft.

According to the British Crime Survey, 800,000 people were the victim of mobile phone theft in 2006. Although 90 percent of these phones are generally barred from active use within 48 hours this doesn’t account for what happens to the data stored on the device.

Smartphones link into the corporate network everyday and carry sensitive and confidential information. It is therefore vital that, like the laptops of remote workers, they become catered for as a part of the network and are subject to security measures to protect them.

You can’t stop your employees being human, accidents will happen and short of chaining these devices to your employees there is no defence against a determined thief, and corporate policy must pick up the slack.

Mobile phone operators are already able to bar the SIM and stop expensive calls from being made. However, a smartphone differs from mobile phones in that it also contains a significant amount of memory and many applications – for example, a memory card can hold over 1 gigabyte of data, which the thief can still access.

Executives carry all kinds of information on the device, from confidential announcements, to financial results and business in progress. Losing any of these can result not only in lost business, but a loss of trust between your company and your valued customers.

Recognition of these dangers is the first step in making sure your company’s information is protected. Enabling a full mobile device and security management solution will ensure that your employees’ smartphones are all protected and in an emergency they cannot only be disabled but also the data can be locked to prevent unauthorised access or wiped completely from the phone memory.

Important information can also be backed up on a secure server; ensuring data is retrievable, protected and secure.

It is essential to have a policy in place that takes these smartphones into account. This may seem excessive but mobile devices carry sensitive data which could compromise your business if it is leaked into the public domain.

This policy should include a process for reporting mishaps and assign responsibility for smartphones. In the past this has always been the domain of the CIO. However, the responsibility of a CIO is broad and far reaching and the birth of the CISO (chief information security officer) role has highlighted an increasing focus on dedicated corporate security strategies.

In such a role it is imperative that mobile devices are well catered for as a part of their overall security programme.

Smartphones are incredibly important for busy executives who are always on the move and this is only going to increase. It is vital that businesses acknowledge, not only their importance and benefits but also the security risks associated with these devices and act to secure them since you are only as safe as your weakest link.

Mformation TechnologiesTechnologies is a leading provider of mobile device management (MDM) software, to mobile operators

"Recommended For You"

Don't lose your life if you lose your smartphone at the Christmas bash Mobile-to-PC worm alert