Mobile device use in the workplace is now common as employees -- and their bosses -- enjoy the business benefits...
of staying connected anytime, anywhere. But as consumer-targeted devices have worked their way into the corporate setting, enterprise mobile security is an increasing concern: Devices are vulnerable to data breaches, but too-strict mobile security controls could offset the perks of using them for work purposes.
In this month's SearchCompliance #GRCchat, we asked participants about the best mobile device management processes to protect company data. Many touted the importance of a thorough, transparent mobile policy that clearly outlines what corporate data can be accessed and how it is managed on these devices. Without it, companies risk a "Wild West" scenario whereby employees access company data on mobile devices without regard to the potential security issues:
The biggest mistake organizations make with BYOD is not having a clear, simple statement of what is and is not allowed A1 #GRCchat— Mike Chapple (@mchapple) September 18, 2014
BYOD policies must clearly describe WHO may use WHAT devices WHERE on the network and WITH what enterprise data & apps #GRCchat— Mike Chapple (@mchapple) September 18, 2014
When asked what to include in that policy, #GRCchat participants suggested a wide range of possible mobile security precautions. Remote wipe capabilities and secure access topped the list of security measures, but #GRCchat-ers also stressed the importance of keeping the security policy flexible to better adapt to the constantly evolving threat landscape.
A1 All the usual suspects: Secure remote access, data leak protection, access management – policy must be transparent/flexible too #GRCchat— Ben Cole (@BenjaminCole11) September 18, 2014
A1 (cont) Policy should also include steps/processes to ensure encryption and remote wipe capabilities in case of a data leak #GRCchat— Ben Cole (@BenjaminCole11) September 18, 2014
Regulatory compliance should also be top-of-mind when implementing mobile device management strategy. Mobile device use in the workplace creates numerous compliance challenges, forcing companies to consider data management precautions to avoid regulatory issues:
#GRCchat participants also provided mobile device management tips to help offset these compliance risks, though at least one noted the difficulty of describing adequate mobile security and compliance measures within Twitter's 140 character limit:
#grcchat A2: A large/diverse Q for 140 chars. Encryption at-rest, in-transit, and cloud. Backups to 3rd-party clouds. (1/2)— Forvalaka41 (@Forvalaka41) September 18, 2014
#grcchat A2: Data classification and retention, industry-specific regs from SOX to 21 CFR part 11 and beyond. (oops 2/3 now)— Forvalaka41 (@Forvalaka41) September 18, 2014
#grcchat A2: Any app or process flow w/ digital signatures needs real authentication, strong encryption, etc. (3/3)— Forvalaka41 (@Forvalaka41) September 18, 2014
For more coverage of this month's #GRCchat, follow @ITCompliance on Twitter and read our recaps on device management and enterprise mobile security.