Implementing a transformative solution like enterprise mobility into your business is a huge task. As we explained over the last month, the first two steps of this process are to profile your mobile workforce and to appoint a Chief Mobility Officer. Now that you’ve got your people in place, it’s time to take up the biggest challenge to adopting a mobility solution: security.
Step 3: Setting Security Policy
In the past, most workers spent the majority of their time glued to their desks. In these situations, network security was mostly straightforward, as it was primarily geared toward managing immobile desktop computers. Users could easily be authenticated onto the network via a simple username and password. But today, CIOs and CTOs are well aware that an increase in the number of mobile workers doing their jobs outside of the secure boundaries of the company translates to increased risk of compromising data security and allowing malicious users access to the corporate network. Therefore, when devising an enterprise mobility strategy, the inclusion of a holistic security approach will be critical to success.
The first step to achieving security is to evaluate security risks and develop a response plan at each point in the end-to-end mobile transaction flow and mobile application life cycle support processes. Once this is done, you’ll realize that there are there are many different pieces that come together to form a comprehensive security policy.
For example, it is important to restrict access to your employee mobile devices through user authentication. Private passwords should be assigned, with complicated syntax requirements and automatic expiration dates. Alternatively, devices can be secured through more sophisticated technology, such as smart cards, biometrics or other similar mechanisms. Uniphore’s voice biometric technology, for example, moves the authentication burden from something the user ‘knows’ to something the user ‘is.’ The voiceprint of a person can’t be stolen, and avoids the problem of remembering long passwords.
Beyond securing the device itself, the data on the mobile device must also be secured. In case of a lost or stolen device, your business must have the ability to remotely wipe its data. However, because of the inevitable time lag between the device being lost and the IT department wiping the information, the data on mobile devices in your network should be encrypted. Data encryption uses a secret key to encode information in a manner that can only be decoded and read by the parties for which it is intended. In cases where wireless devices are accessing servers on the Internet, there are also encryption tunnels, setup when a Hypertext Transfer Protocol (HTTP) connection is established over Secure Socket Layer/Transport Layer Security (SSL/TLS).
One last important element of security is protecting devices from viruses or other malware, which threaten information confidentiality, endangers system passwords, and increases the risk of data loss or compromise. While there are various methods to preventing the proliferation of such hazards, the most common approach is to install virtual real-time anti-virus scanning software. A more intensive approach is to restrict the number and kinds of applications that can be downloaded onto the employee’s mobile device. Your business can make a list of the kinds of applications you trust, and those that are prohibited. However, if this latter approach is taken, it’s important to consult the users about their needs on their mobile phone, so that you do not affect productivity or satisfaction.
Once these policies are in place, your business will have a tight level of security, control and visibility into the mobile devices in your network. However, in order to drive the most effective deployment of these policies, you must educate your employees about the vulnerabilities of mobile devices and the implications to the company if they fall into the wrong hands or are used in an insecure manner. Combined with the right IT strategy, training and support of your staff will enable you to have the most robust, reliable security protocols in place.
About Uniphore: Uniphore Software Systems is the leader in Multi lingual speech-based software solutions. Uniphore’s solutions allow any machine to understand and respond to natural human speech, thus enabling humans to use the most natural of communication modes, speech, to engage and instruct machines. Uniphore operates from its corporate headquarters at IIT Madras Research Park, Chennai, India and has sales offices in Middle East (Dubai, UAE) as well as in Manila, Philippines.