News Stay informed about the latest enterprise technology news and product updates.

Enterprise mobile security: Clear and thorough data usage rules key

Participants in the latest #GRCchat discuss the importance of transparent data access and management policies to protect enterprise mobile security.

Mobile device use in the workplace is now common as employees -- and their bosses -- enjoy the business benefits of staying connected anytime, anywhere. But as consumer-targeted devices have worked their way into the corporate setting, enterprise mobile security is an increasing concern: Devices are vulnerable to data breaches, but too-strict mobile security controls could offset the perks of using them for work purposes.

In this month's SearchCompliance #GRCchat, we asked participants about the best mobile device management processes to protect company data. Many touted the importance of a thorough, transparent mobile policy that clearly outlines what corporate data can be accessed and how it is managed on these devices. Without it, companies risk a "Wild West" scenario whereby employees access company data on mobile devices without regard to the potential security issues:

When asked what to include in that policy, #GRCchat participants suggested a wide range of possible mobile security precautions. Remote wipe capabilities and secure access topped the list of security measures, but #GRCchat-ers also stressed the importance of keeping the security policy flexible to better adapt to the constantly evolving threat landscape.

Regulatory compliance should also be top-of-mind when implementing mobile device management strategy. Mobile device use in the workplace creates numerous compliance challenges, forcing companies to consider data management precautions to avoid regulatory issues:

#GRCchat participants also provided mobile device management tips to help offset these compliance risks, though at least one noted the difficulty of describing adequate mobile security and compliance measures within Twitter's 140 character limit:

What is your advice for businesses trying to protect enterprise mobile security? Join the discussion by adding your thoughts here, or by using the #GRCchat hashtag on Twitter.

For more coverage of this month's #GRCchat, follow @ITCompliance on Twitter and read our recaps on device management and enterprise mobile security.

Next Steps

Learn why e-discovery is complicated by vendor management and how social media information policy development is vital to big data discovery.

Dig Deeper on ID and access management for compliance

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What are mobile security policy "must-haves" for organizations that allow personal device use in the workplace?
1) At least one additional layer of security for any sensitive information, beyond what just unlocks the phone so you can use it. 2) Not everything goes on mobile devices - if it's not cleared for access, don't put it on your phone. 3) Don't use the camera in the workplace without explicit permission to do so. 4) One phone, one person. Phones are not to be traded or borrowed, even if you really, really need to just this one time in order to finish an important project. 5) Phones should not be left lying around - they're too easy to steal.