Keeping mobile devices and data secure.
Security concerns are one of the biggest challenges to deploying business mobility. Let’s change that.
In an ideal world, nobody would have to bother with security. Unfortunately, with new breaches and data leaks and vulnerabilities popping up seemingly every other day, security is not something you can afford to ignore. Furthermore, mobile security introduces another layer of concern – mobile devices operating in the wild, beyond the safety of the corporate network. Little wonder that security is the biggest barrier organizations face in pursuing mobility solutions [1], and an easy rationale for pushing innovation off until the next quarter or fiscal year.
It doesn’t have to be this way. Security is a risk that can be prepared for and defended against. It’s a concern that, with the proper mechanisms and safeguards in place, can be managed. Let’s take a look at some of today’s mobile security concerns, as well as steps you can take to head them off.
The most fundamental level of mobile security is the physical security of the device itself. Mobile devices are far easier to steal, misplace or leave somewhere than their more stationary counterparts. It’s exceedingly rare for a business traveler to experience the sinking realization that they’ve left their desktop in the back of a cab, but it happens every day with tablets, laptops and smartphones.
Security locks can go a long way to deter outright theft, and if you’re going to be deploying mobile devices in an environment where they may “walk off”, such as a hospital or retail store, it’s certainly worthwhile to insist on business-grade devices, as most consumer tablets and phones lack the requisite security slot.
Of course, locks will be perfectly useless at preventing distracted employees from leaving devices in cabs, airport lounges and all manner of places. That’s why it’s critical to have a solid mobile device management system in place. This allows IT to remotely locate, erase, and even completely brick lost devices. More advanced systems can brick various devices even when they’re powered off, and feature mobile interfaces that let administrators do what needs to be done anywhere, at any time, from the office to the sidelines of little league games.
Ultimately the ability to move fast and brick things can be the difference between a lost device and a security breach. But what happens when an employee doesn’t or can’t report a missing device, or when it’s being threatened by other means?
That’s where data security comes in.
Data security is all about protecting the data on the device and accessed by the device, and it takes a couple of forms to prevent unauthorized access and defend against various cyberattacks. On the software side, security can run the gamut from login credentials to OS-level encryption, VPN use for secure communications on public networks, and the security capabilities built into individual apps. To further harden devices against attacks that can expose data and compromise internal security, many devices include hardware-level security features such as Trusted Platform Modules, Intel® vPro™ technology [2], and our own HP SureStart BIOS-level self-healing protection. On the backend, the same mobile device management system that can be used to wipe lost devices – such as HP Touchpoint Manager [3] – can also be used to wipe compromised devices.
Of course, data security is only effective if it is actually utilized, and all too often, it’s not. For example, a recent Ponemon Institute study found that, while 88% of healthcare organizations store personal health data on mobile devices, nearly 40% take no steps to secure those devices [4]. Yes, seriously.
What’s right for your organization will depend on several variables – from regulatory concerns to the sensitivity of the data to whether or not employees are allowed to access said data from personal devices – but above all else, do something. It may well save your data…and your hide.
Beyond data, there’s identity security. Credentials and access must be kept secure. After all, the toughest locks in the world won’t stop somebody who has a key. By far the simplest way to keep identities secure is to use multi-factor authentication. Think back to those locks. Someone may have a key, but what are the chances they have a key and the alarm code, or the rapport with the guard dog? That’s multi-factor authentication in a nutshell. What the factor is can vary – it may be a password and a PIN, or a password and a biometric factor like a fingerprint, or a Smart Card – but the simple step of adding a second authentication factor to the equation makes it extremely difficult for cyberattackers to use stolen credentials to break into systems.
From the IT standpoint, there’s another perk to identification security and multi-factor authentication. It’s not really something users can shirk. It’s a requirement to use a device or to access needed data. It’s a way, in other words, to strengthen the weakest link in mobile security – the person using the device.
This, of course, barely scratches the surface of mobile security. Be sure to check back for deeper exploration of business mobility and mobile security in the coming months, and explore the rest of our Mobility Insights for more information and inspiration on how mobility solutions can help you grow your business.
[1] Lisa Ellis, Greg Gilbert, "The mobile disruption: The next enterprise IT shake-up," McKinsey & Company, www.mckinsey.com/insights, June 2012
[2] Intel and vPro are registered trademarks of Intel Corporation.
[3] HP Touchpoint Manager supports Android™, iOS and Windows operating systems and PCs, notebooks, tablets and smartphones from various manufacturers. Not available in all countries, see http://www.hp.com/touchpoint for availability information. Touchpoint Manager requires purchase of a subscription. Out-of-band HP only Wipe, Lock, Unlock and reporting of BIOS boot error codes is planned to be available on select HP EliteBooks and requires an internet connection, Intel® vPro™ technology and functions in S3/Sleep, S4/Hibernate and S5/Soft Off power states. SATA drives are wiped. Self Encrypting Drive encryption keys are removed rendering the data inaccessible.
[4] “Fourth Annual Benchmark Study on Patient Privacy & Data Security,” Ponemon Institute, ID Experts, March 2014
© 2015 Hewlett-Packard Development Company, LP. The information contained herein is subject to change without notice. HP shall not be held liable for technical or editorial errors or omissions contained herein.