Balancing the mobile security high-wire
Companies can no longer afford to neglect the importance of securing their mobile devices in a world where smartphones are able to access an increasing amount of sensitive and critical enterprise data.
That’s according to Deon Liebenberg, Regional Director for Sub Sahara Africa at Research In Motion (RIM), the company behind the BlackBerry® solution. He says that companies need to ensure that they put security measures in place that allow them to strike an optimal balance between too little security and between security measures that restrict end-users from achieving business benefit from their devices.
Says Liebenberg: “On the one hand, a lack of understanding mobility may prompt companies to take an overly cautious approach to mobile security – all features and functions of the smartphone are locked down, long and complex passwords are required, access to email is provided and all applications are banned.
“On the other hand, too little security stems from IT administrators looking for the path of least resistance. Users are not expected to use password protection and are allowed to install any apps they like on their devices.”
Sometimes both approaches can even be found within one organisation, with say 10% of users falling under ‘too little security’, such as executives and IT staff, while 90% of the organisation is restricted by too many security measures.
Says Liebenberg: “There is a balance to be struck between demands from partners, customers and management to ensure that sensitive data is treated securely, including when it is mobile, and from users for always-on, always-connected mobility.
“Users want to download and access applications and have instant access to their calendar, email, contacts and intranet/extranet. With these new realities – for which demand is only going to grow – come new approaches to mobile security.”
Liebenberg says that companies can win the support of end-users for their security policies by making them as transparent as possible, ensuring they do not cripple functionality and designing them to help users be more productive.
If a device is locked down too tightly, users will simply reject it, which then puts pressure on the organisation to introduce devices that cannot be secured or controlled. If the device is left too open, then potential risk is introduced into the enterprise.