Protecting business data with smartphone security

Embracing EMM, BYOD and MAM solutions will be vital for businesses in an increasingly mobile world.

Data breaches and cybersecurity threats are just some of the biggest security roadblocks that modern businesses are facing. These roadblocks must be overcome, and soon, in order to help organisations keep people, information and goods safe.

Mobility is changing the way people work and collaborate, and can often be a key factor in these security roadblocks. Smartphones have become indispensable to business productivity, enabling employees to connect to practically any sort of business data, document, or person they need, anytime and from any location. What’s more, employees need to be able to engage with sensitive business data on their personal devices to ensure work is done productively. Therefore, businesses must be able to confidently enable their employees to transmit data between multiple endpoints without compromising security, compliance or usability.

This rise in the use of personal mobile devices in a business environment doesn’t come without its challenges, and the main concern with having this valuable business information at employees’ fingertips is that it’s more challenging than ever before to protect it. Employees who are not educated about how to use their mobile devices safely and securely in a business environment can cost businesses financially, both in the long and short term. As a result, ensuring that corporate data is safe and secure is more important now than ever before.

A recent survey by security vendor iPass revealed that a growing number of organisations are banning their employees from using public Wi-Fi services to access corporate data and services in a bid to keep their sensitive business data safe and secure. A huge 62 per cent of respondents said that they had already banned such use, while another 20 per cent indicated plans to do the same soon. The need for these bans can be put down to BYOD (bring your own device) policies. BYOD has arguably brought with it increased security risks, and businesses must work closely with their employees and IT to mitigate these risks, in turn developing a well-thought-out mobility policy and strategy.

Implementing such policies and strategies allows businesses to govern the management of all devices, even those that are traditionally unsupported. There are of course a handful of measures that employees can take themselves in order to ensure their smartphones are secure for work purposes; however, the onus is not entirely on them. The National Institute of Standards and Technology (NIST) suggests that all businesses should work on the assumption that any external environment has the potential to be untrusted and hostile, including seemingly harmless public Wi-Fi services.

With this in mind, it is essential that businesses clearly define their mobile and BYOD policies from the start, informing employees of the various forms of remote access and types of devices that are permitted, as well as the individual workers who have the appropriate permissions to use these devices. It is also essential to ensure that remote access servers are accurately configured and capable of enforcing policies, alongside considering the implementation of a separate, dedicated network for BYOD users.

Alongside a comprehensive BYOD policy, businesses should look to implement a secure EMM (enterprise mobility management) solution. These solutions are beneficial to businesses as they protect corporate content through device-independent FIPS-validated encryption. Without containerisation, copies of a user’s work are placed in each app they use, and these copies remain unencrypted until they are saved to disk.

The issue remains, however, that users don’t always save their work as they move between applications, meaning that unencrypted copies of potentially critical documents can be strewn all over mobile filesystems, and are easily recoverable by hackers if a device is lost, stolen, or infected with malware.

Content can also be protected over-the-air between the corporate network and the device using a dedicated secure connection that does not rely on DMZ (demilitarised zone) relays or native transport such as HTTPS, SSL, or TLS. DMZ relays require open inbound firewall ports, and native transport options have been hit by public exploits such as Heartbleed and GotoFail, so businesses can instead rely on their own secure network. Any issues with over-the-air security are thus mitigated with ease, and all corporate content remains secure.

Authentication is another aspect to consider, as it is not necessarily ironclad, and credentials can still be stolen. With EMM, all data is stored in the container, where corporate credentials and application configuration data (i.e., IPs, hostnames, URLs) are encrypted by default. As a result, authentication does not rely on the data that is stored on the OS keychain, nor are the credentials of the domain stored on the device in a potentially insecure manner.

User experience is also important, but is sometimes neglected in favour of other aspects such as anti-virus software. Regardless, a good user experience is vital in order to ensure that devices remain secure; after all, security is no good if it impedes your employees. A secure EMM suite enables this as there is no need for a complex device passcode, and IT can manage and apply appropriate policy controls to individual applications.

Similarly, if IT needs to perform a jailbreak or root test, they can do so with ease, without using battery-draining location services. There’s no need for an application blacklist either, as apps secured within EMM systems can be restricted from communicating with unapproved apps.

Finally, businesses should look to introduce a Mobile Application Management (MAM) solution into their security plans. MAM gives enterprises even more options for enabling mobility in BYOD environments, without compromising security or user privacy along the way. Containerisation, a key component of MAM, protects all critical enterprise data with full end-to-end encryption that is independent of the underlying device. This means that all devices, regardless of the operating system, version, or manufacturer, receive the same level of security.

Embracing EMM, BYOD and MAM solutions will be vital for businesses seeking to tackle cyber security in an increasingly mobile world. These solutions give businesses the peace of mind that they are completely in control of the security of their sensitive business data, regardless of the device it is sitting on. Cyber-attacks on mobile devices are showing no signs of going away or slowing down, and as technology continues to evolve there will always be a community of hackers developing malicious software.

However, with the support of secure EMM, BYOD and MAM solutions, businesses and their employees can rest assured that their data is kept safe and secure at all times.

Florian Bienvenu, Senior Vice President, EMEA Enterprise Sales, BlackBerry
