Sometimes mobile security practitioners get so involved in the technical minutia of their missions that they miss the forest for the trees. That’s why documents like the National Institute of Standard and Technology’s recently released “Guide to Enterprise Telework, Remote Access And BYOD Security” are so useful because they serve as a reminder of the big picture.
As our story NIST Updates BYOD Guidelines: Five Recommendations for Protecting Enterprise Data and Systems in Android Secured points out, NIST has updated its advice for federal agencies that permit the use of personally owned mobile devices at work. Not one of the five recommendations that NIST offers up in the report covers particularly new ground. Still, the document is important because it highlights the issues that administrators need to keep in mind when planning and implementing enterprise mobility security controls.
For instance, says NIST, when planning telework related security controls and policies, work on the assumption that the external environment is an untrusted, hostile environment. Clearly define your mobile and BYOD policies, and let employees know which forms of remote access are permitted, the type of devices that are permitted and the workers who are allowed to use these devices. Also ensure that remote access servers are properly configured and capable of enforcing policies, and consider implementing a separate, dedicated network for BYOD users.
Fundamental as some of it might seem, it is often a failure to pay attention to such mobile security basics that lands organizations in all sorts of trouble.
In other news, the Wall Street Journal had an eye-opening report on the impact that Android handset makers are having on Google’s efforts to push encryption. At a time when nearly 95% of iPhones in use have encryption, less than 10% of Android phones are encrypted, because many handset makers apparently are concerned about encryption impacting device performance.
Read Legacy Systems Integration Biggest Challenge to Enterprise Mobility Implementation for info on Enterprise Mobility Exchange’s report on what organizations say are the biggest impediments to implementing a mobile strategy. Contrary to what some might expect, security is not the biggest issue. In fact, it ranks sixth, behind legacy systems integration, management buy-in, change management, budget constraints and alignment with different technology providers.
Google has made a really early version of its Android N operating system available to developers so they can tinker with it and give feedback on some of the new features that the company plans to introduce with it. Among the several updates in the new operating systems are security features like a Turn-off Work Option and an Always-On VPN capability that help Android for Work users protect business data on their personal phones. Take a look at New Security Features in Android N Include Turn-Off Work Option, Always-On VPN Support for a quick rundown on some of the other security enhancements in Android N.
Rounding off the list of top stories in Android Secured this week is a report on a new exploit developed by researchers at Michigan State University showing how the fingerprint sensors on some Android devices can be easily bypassed by – get this – an off-the-shelf printer and some silver conductive paper. Read Unlocking a Mobile Phone With a Printed Fingerprint Gets Easier for yet another report showing how technologies that we think are foolproof so often aren’t.
For more about today’s IT security challenges and solutions, join us for our free Executive Panel: Security, Productivity, and the Cloud webcast April 27 at 11 a.m. EDT. You’ll gain key insight from David Kleidermacher, Chief Security Officer at BlackBerry, and John Hewie, National Security Officer at Microsoft Canada, on how to balance security with productivity, take more control over your data security and more. Reserve your place by registering today.