Six Laws of Mobile Security

Guidelines Help Enterprise Organizations Empower Mobile Workers While Enforcing Policies and Keeping Data Private

RedCannon Security, a trusted provider of centrally managed, secure mobile-access solutions for the enterprise, announced the Six Laws of Mobile Security. The Laws are a common-sense framework for how enterprises can assess their mobile security best practices to protect private data, while enabling the use of mobile devices such as USB drives.

Until recently, the proliferation of small and inexpensive mass storage devices and their potential for data loss had been under the radar of most senior managers. The prevalence of laptops, PDAs, and other mobile devices in the enterprise, coupled with the explosion of wireless connectivity options, has led to significant support issues and security risks. Mobile devices need to be managed and secured. While the cost of replacing the devices is relatively insignificant, more and more users store sensitive information on these devices, and therein lies a serious data leakage threat. The fact that mobile devices can introduce malware, including keyloggers and Trojans, into the corporate network compounds the problem.

The majority of companies have not taken steps to address these issues. According to a recent analyst report, only 9 percent of companies have deployed mobile management tools, while another 20 percent are piloting or plan to deploy mobile management tools within the next 12 months. Additionally, about 40 percent of enterprises have no policies in place regarding mobile security.

The Six Laws of Mobile Security include best practices and tips for enterprises worldwide as they seek to improve their mobile efficiency, reduce remote access threats and prevent data leakage:

  1. Define Acceptable Use -- Organizations must implement security policies
     for portable devices that cover remote access, authentication, device
     storage, acceptable use and encryption.

  2. Educate Employees Frequently -- Often, employees see security policies
     as barriers to productivity, unless they fully understand the risks and
     the importance of reducing these risks. Security awareness campaigns
     are key to helping staff understand the reasons for the policies and to
     become active partners in security. Education programs should focus on
     the risk the policy is designed to mitigate and demonstrate how
     appropriate controls protect the employee. Training programs should
     also be augmented with regular communication of new threats,
     vulnerabilities, policies and individual accountability.

  3. Manage Mobile Devices Centrally -- Many organizations are not even
     aware of the number of devices connecting to their networks, or from
     where. Centralized management of mobile devices enables organizations
     to track usage and enforce security policies remotely, including the
     ability to lock a mobile device after a number of incorrect attempts to
     guess a password, or destroy data when a device is reported lost or
     stolen.

  4. Encrypt Mobile Data -- Before implementing a security solution to
     manage ports and control devices, IT managers should also sketch out
     how encryption fits into their plans, including how encryption should
     be implemented, who must encrypt data, from where users can access
     encrypted data, and how much responsibility falls on the user to
     encrypt data.

  5. Control Ports -- Companies must control USB ports to ensure that only
     authorized drives are used with corporate computers. However, the
     knee-jerk reactions of the past, such as gluing USB ports shut or
     otherwise disabling USB ports, can impact productivity significantly.
     This is also no longer viable because these ports are required for key
     peripheral devices including keyboards, mice and printers. Employees
     need access to these ports to do their jobs. IT professionals should
     employ a whitelist approach, allowing only authorized devices to
     connect.

  6. Secure Remote Access -- Mobile security programs should include defined
     policies for remote access, including acceptable network connection
     methods and authentication policies. Who is allowed what type of
     access, and to what specific data? One way to extend secure
     authentication beyond passwords is to implement some form of two-factor
     authentication, and secure, one-time passwords such as SecurID tokens
     from RSA.

"Industry research indicates that the average cost of a data leak incident is over $1.8 million, and organizations are realizing the serious vulnerabilities that untracked, unmanaged mobile storage devices introduce to enterprise data security," said Vimal Vaidya, CEO at RedCannon. "Clearly communicated deployment and usage policies, applied in tandem with centralized device tracking and management, help IT organizations and all employees make more intelligent decisions about mobile computing and greatly reduce the associated risks."

About RedCannon Security

RedCannon Security is a trusted developer of centrally managed, secure mobile-access solutions for the enterprise. Its ultra-thin client instantly secures and sanitizes any point, anywhere. RedCannon extends security policies beyond the network perimeter, allowing policy enforcement to travel with the user. Its solutions support leading industry standards for encryption and authentication and enable secure remote access to enterprise applications, while leaving no trace of user activity on the host computer. Its award-winning product line includes KeyPoint Access, KeyPoint Armor, KeyPoint Vault, KeyPoint Manager and KeyPoint Alchemy. For more information, please visit: http://www.redcannon.com/.

Source: RedCannon Security