Given the recent epidemic of high-profile security incidents that are a direct result of a mobile device or network being compromised, it is essential for organizations to understand the importance of mobile security. The main security concern is not the physical devices themselves, but rather the data that resides on them and travels over the networks they use. Think of mobile security from a data perspective, and include policy elements that aim to protect data at rest and in flight. Use the Info-Tech policy template “Mobile Device Acceptable Use Policy” as a starting point for developing an enterprise mobility policy.
Protecting Data at Rest
One of the components of any good mobility policy is how it addresses the protection of data at rest. This includes all data that is stored on mobile devices. The key here is to encrypt all data stored on any mobile device, whether it be a notebook computer, a PDA, a mobile phone, or a mobile storage device (for example, a USB drive or SD storage card). There is often a perception that this is unenforceable, particularly with employee-owned devices. However, this is a fallacy, and enterprises must incorporate policies to address any circumstance where corporate data is stored on a mobile device.