Mobile Device Security Policy FAQs for Enterprise

Enterprise Mobile
Image © Michael Coghlan/Flickr.

Question: What Aspects Should an Enterprise Include in its Mobile Device Security Policy?

Mobile security, as all of you are well aware, has become one of the most major issues today, with the enterprise sector being impacted the most by security hacks and breaches. The recent hack attempts on Facebook and more recently, on Sony’s PlayStation Network, go to prove that no matter how careful enterprises are with their data, nothing can be considered totally secure in the cybersphere. The problem is especially complicated when employees make use of their personal mobile devices to access their corporate networks and data. Almost 70 percent of the employee population accesses their corporate accounts with the help of their own mobile devices. This could create a mobile security hazard for the enterprise concerned. The need of the hour is for companies to chalk out a mobile device security policy, so as to minimize the risk of handling personal mobile devices.

What are the aspects an enterprise should think of including in its mobile device security policy?


Here are answers to frequently asked questions on mobile device security policies for the enterprise sector.

What Types of Mobile Devices Can be Supported?

With the huge influx of different types of mobile devices in the market today, it would not make sense for a company to maintain a server that supports only a single mobile platform. It would instead be preferable that the server can support several different platforms at the same time.

Of course, it is necessary that the company first defines the type of mobile devices it can support. Offering support for too many platforms would eventually weaken the security system and make it impossible for the IT security team to handle future issues.

The sensible thing to do here may be to include only the latest mobile devices, which offer better security features and device-level encryption.

What should be the User’s Limit of Accessing Information?

The company has to next set a limit to the user’s right of accessing and storing corporate information received via his or her mobile device. This limit largely depends upon the type of the organization and the nature of information the establishment gives its employees access to.

The best practice for companies would be to give employees access to all the necessary data, but also see to it that this data cannot be stored anywhere on the device. This means that the personal mobile device merely becomes a type of viewing platform – one that does not support exchange of information.

What is an Employee’s Mobile Device Risk Profile?

Different employees tend to use their mobile devices for different purposes. Each one, therefore, accesses differing levels of information with their mobile gadgets.

What the company can do is to ask the security team to identify the high risk users and to brief them on the industry’s security controls, thereby clearly defining the kind of official data they can and cannot access from their personal mobile computing gadgets.

Can the Enterprise Turn Down an Employee’s Request to Add a Device?

Absolutely. Sometimes, it becomes imperative for a company to refuse employees’ requests of adding on particular types of mobile devices to their accepted list. This is especially the case where the industry has to keep its data top secret. Hence, a certain amount of locking down devices becomes necessary for any establishment.

Many enterprises today are looking at virtualization as a possible solution to the mobile security problem. Virtualization lets the employee gain access to all the data and applications, without letting it live on their device.

Virtualization lets employees have a sandbox to store all the necessary information, also letting them remove the same without it leaving a trace on their mobile gadgets.

In Conclusion

As you can now see, it is imperative for all companies to plan and develop clear mobile device security policies. Once done, it is also desirable for enterprises to formalize these rules by asking their legal department to draw out official documents of the same.