BlueFort Security Ltd -

For the next couple of weeks, we are going to focus on the move towards mobile working and explore the impact that this could have on existing security processes.

First of all, we need to ask the question “What is a Mobile worker?”

The answer today is different to what it would have been five years ago. Back then, a mobile worker would most likely have had a corporate issued laptop, or maybe a company owned Blackberry, used predominately for email. Perhaps other workers would have had limited access to web based applications such as email from home. A mobile user five years ago was someone that accessed corporate data from outside of the network from a non-fixed location, from a supported (ie Windows or Blackberry) device.

Today the situation is far more complex. A mobile worker could have a tablet device like an iPad or they may have one of a number of much more complex smartphones, running a variety of different OS types of differing versions such as Android or iOS. On top of all this, you still have your traditional laptop and Blackberry users.

So to answer the question today, a mobile user is someone that accesses corporate data from outside of the network from a non-fixed location, from ANY device.

To develop a Security Policy for mobile workers, you need to consider these questions:

• Who do you give access to?
• What data is a given user allowed to access?
• Which applications should a user access?
• Can you prove authentication for the user?
• From what device type?
• What is the minimum allowable security standard of a device type?
• What steps are taken to secure any residual data on the device?
• What happens if the device is lost or stolen?
• Who owns the device?
• How do you maintain compliance?
• How do you log and audit mobile users?

The thing that you should notice about these questions is that they are the same questions that should always have been considered for mobile users. There is nothing new here. These are all considerations that should have formed the basis of a Mobile Security Policy.

In general terms, Mobile Security Policies should be reviewed much more regularly than your general Security Policy as the devices and capabilities are evolving rapidly – who would have believed even a year ago that iPads could be considered as suitable for Enterprise use for example?

In our next article, we will explore the steps needed to translate these policies into a technical solution. If you cannot wait that long, please call us to discuss today!