TMCnet News
Minimising the security risks associated with mobile devices [Mercury, The (South Africa)](Mercury, The (South Africa) Via Acquire Media NewsEdge) More than ever, consumers are spoilt for choice in mobile computing and smartphone devices. New devices are released with bigger and brighter screens, faster processors, more megapixels and have the ability to do more than just make a voice call. IT staff have been caught off guard, as its model of supplying and supporting business has historically been limited to workstations and laptops. It was possible to control the look, feel and security configurations of corporate devices centrally. This has all been turned on its head, as users want to connect personal mobile devices of all shapes and makes to the corporate network. This infiltration of employee devices, together with the complexities around supporting a diverse range of device operating systems and communication protocols, has placed pressure on IT, not only to support the connectivity of these devices, but also to ensure the security of enterprise data both on the device and the corporate network. In addition, business has seen the competitive advantage that these devices bring around automating their business processes and providing the ability to communicate with their clients "on the go". This, in turn, has led to development of mobile applications which connect both clients and employees to the corporate network, often not just viewing data but also collecting data. As a result, mobile device risk has evolved beyond the security risks associated with e-mail and the ever-popular diary management. When considering your mobile device deployment strategy, a number of factors must be considered. Some of these include: l Is your intended use clear, will it just be for e-mail or will you be allowing users to access sensitive information? l Are you operating in a regulated industry and would these mobile devices increase your risk of compliance? l Do you know which devices are already connected to your network, who the owners are and what they are doing with this device on your network? l Do you develop your own mobile applications, and if so, do you follow the same rigour as in your other development projects? If you have outsourced the development, are you managing those risks appropriately? l Do you control who has access to these applications, for example through an internal app store and do you commission and decommission access appropriately? l Have you considered the security of these mobile devices or are you merely relying on the keypad pin for security? Many organisations have found that even when they had wrapped their head around some of these questions, they still struggled with the centralised enforcement of policies in an environment in which the employee or customer owns the device. Having assisted numerous clients in designing and implementing mobile security strategies, KPMG can advise organisations on every step in their mobile device enablement journey and minimise the risks. Govind is the director, |IT advisory at KPMG. |Contact him at 082 719 1389, 031 327 6000 or e-mail [email protected] The Mercury (c) 2014 Independent Newspapers (Pty) Limited. All rights strictly reserved. Provided by Syndigate.info, an Albawaba.com company |