Compliance officers' next big headache: Securing mobile applications

Compliance officers' next big headache: Securing mobile applications

With the flood of BlackBerrys, Droids, iPhones and iPads pouring into corporate accounts the past couple of years, it’s safe to declare that mobile devices are the new enterprise desktop.


Kevin Beaver

But along with the greater flexibility and productivity that users gain from these devices, comes yet another challenge for compliance officers: tracking and properly securing mobile applications running on them.

These applications figure to be a varied mix of business and personal. They will range from applications meant for just goofing off to ones responsible for processing sensitive business information. Some will store data locally, while others will do so in the cloud. Many of the business applications will be produced in-house, while others will come from

    Requires Free Membership to View

    Login

    When you become a member, my editorial team will provide you with expert insight for creating and maintaining a manageable compliance infrastructure.  From targeted tips to webcasts and discussion forums, we have you covered.

    Scot Petersen, Editorial Director, SearchCIO-Midmarket.com

    By submitting your registration information to SearchCompliance.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchCompliance.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

trusted and untrusted third parties.

If you haven’t formulated your thinking for securing mobile applications, don’t fret -- few compliance officers have. But I would advise you to get moving on it. The problem is going to get worse before it gets better. Why? All “simple” servers, desktops and systems in between have always proven to be major headaches for IT professionals.

More mobile computing resources

Can mobile device security include risk management and compliance?

FAQ: What impact do mobile computing devices have on IT compliance?

So, how exactly do you get your arms around the problem of securing mobile applications? There are a couple of approaches you can take. You can standardize on one mobile platform and so deal with a finite and trusted set of mobile apps. What’s tricky about this approach is that you’re going to get pushback, and people are going to use their own personal devices -- regardless of what’s officially supported. That’s an uphill battle that may not be worth fighting.

The other approach is to support multiple platforms and hope for the best. Hope as a strategy may work in politics, but not so much in security and compliance. You’ve got to achieve a reasonable balance that is shaped by a long-term perspective.

This leads me to the 10 steps you need to take to gain and maintain control of mobile applications in your environment:

  1. Get management on board. Without the support of management, you’ll be yelling at the mountaintops to no avail.

  2. Determine how mobile computing is being used in your environment and how it can help your business down the road.

  3. Decide on which mobile devices and applications best align with your business needs and then standardize on specific hardware and software.

  4. Ask your vendors, especially software vendors, tough questions about an application's security capabilities and any compliance gaps it may cause.

  5. Find out what sensitive personally identifiable information and other regulated information is stored and processed in your mobile environment.

  6. Analyze how this information is at risk.

  7. Take advantage of the controls built into your mobile devices, or invest in a third-party solution to address the risks you uncovered.

  8. Establish a set of best practices for mobile users and make sure they are enforced.

  9. Review your mobile environment every quarter or once a year to see what needs to be tweaked or overhauled.

  10. Regularly remind users of what there is to lose and how their choices can prevent or facilitate such problems.

This is a proven method for securing information, regardless of the platform. Just keep one thing in mind: It’s not foolproof. Given the pervasiveness of mobile devices and the inherent difficulties in controlling them, it’s only a matter of time before the inevitable happens.

It would be better to say you made the effort to put a good system in place, rather than having to admit you did nothing at all.

Kevin Beaver is an information security consultant and expert witness, as well as a seminar leader and keynote speaker at Atlanta-based Principle Logic LLC. Beaver has authored/co-authored eight books on information security, including The Practical Guide to HIPAA Privacy and Security Complianceand the newly updated Hacking For Dummies, 3rd edition. In addition, he’s the creator of the Security On Wheelsinformation security audiobooks and blog.Let us know what you think about the story; email Ed Scannell, Executive Editor, at escannell@techtarget.com

This was first published in January 2011

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top