All corporate mobile device management should include 9 fundamental security-enhancing features.
Much has been made this past year about Advanced Persistent Threats (APT) and, in many cases, about the malware that has been used to get the first foot in the door.
Legitimate user accounts are then compromised and used to exfiltrate data. Mobile device proliferation is providing more targets to attack and creating additional challenges for today's corporations.
In many instances, once one mobile device is configured with email credentials, any number of mobile devices can use those same credentials to download email. Current pressures to allow more personal smartphones and tablets on the corporate network are increasing the risk of compromise.
Many companies are not prepared to deal with this situation and often turn to draconian measures such as “factory reset” enabled via Microsoft Exchange ActiveSync to respond to incidents. This is “OK” for the company, but the employee and the employee's personal data, music, and pictures are all at risk.
More granular control is required and companies need to look for the following features in the mobile device management logic they deploy:
- Ability to apply control logic at the device layer and not just the mailbox layer. This provides control over the number and type of devices allowed to connect.
- Granular wipe versus factory reset
- Ability to remotely lock and reset passwords on devices
- Ability to locate devices via GPS sensor
- Device type and count reporting capabilities
- Ability to deploy VPN policy
- Logging of administrative actions and audit capabilities
- Ability to label devices with additional attributes
- Ability to identify jailbroken (rooted) devices
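
As an added illustration (not code from the original article or from any MDM product), the sketch below contrasts a mailbox-layer check with a device-layer check for the case described above, where one set of email credentials is configured on several devices. The policy values, field names and device records are constructed assumptions.

```python
from collections import defaultdict

# Hypothetical policy values, chosen only for this illustration.
ALLOWED_TYPES = {"iPhone", "iPad", "Android"}
MAX_DEVICES_PER_MAILBOX = 2

def mailbox_layer_check(device, valid_users):
    """Mailbox-layer control: only asks whether the credentials are valid."""
    return "allow" if device["user"] in valid_users else "block"

def device_layer_check(device, enrolled, audit_log):
    """Device-layer control: judges the device itself and logs the decision."""
    known = enrolled[device["user"]]
    if device["jailbroken"]:
        decision, reason = "block", "jailbroken or rooted device"
    elif device["type"] not in ALLOWED_TYPES:
        decision, reason = "block", "device type not permitted"
    elif device["id"] in known:
        decision, reason = "allow", "already enrolled"
    elif len(known) >= MAX_DEVICES_PER_MAILBOX:
        decision, reason = "quarantine", "device count limit reached"
    else:
        known.add(device["id"])
        decision, reason = "allow", "newly enrolled"
    # Every decision is recorded so it can be audited later.
    audit_log.append({"user": device["user"], "device": device["id"],
                      "decision": decision, "reason": reason})
    return decision

def evaluate(devices, valid_users):
    """Return (device id, mailbox-layer result, device-layer result) per device."""
    enrolled, audit_log = defaultdict(set), []
    results = [(d["id"], mailbox_layer_check(d, valid_users),
                device_layer_check(d, enrolled, audit_log)) for d in devices]
    return results, audit_log

# Constructed sample: the same credentials configured on five devices.
SAMPLE_DEVICES = [
    {"id": "dev-01", "user": "alice", "type": "iPhone", "jailbroken": False},
    {"id": "dev-02", "user": "alice", "type": "iPad", "jailbroken": False},
    {"id": "dev-03", "user": "alice", "type": "Android", "jailbroken": False},
    {"id": "dev-04", "user": "alice", "type": "Android", "jailbroken": True},
    {"id": "dev-05", "user": "alice", "type": "UnknownClient", "jailbroken": False},
]

if __name__ == "__main__":
    results, log = evaluate(SAMPLE_DEVICES, {"alice"})
    for dev_id, mailbox, device in results:
        print(f"{dev_id}: mailbox layer={mailbox}, device layer={device}")
```

The mailbox-layer check admits all five devices because the credentials are valid, while the device-layer check admits only the first two and records a reason for each decision.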
With all of this “control” over an employee's property, close legal attention is also likely required. An employer's ability to track its employees' physical whereabouts 24x7 is something that both corporations and employees need to consider more deeply.
DON DEBOLT
Don DeBolt is director of threat research at Total Defense.