Description
Accessing a company network from a mobile device is nothing new. Employees have been doing so for more than a decade, with the company being the arbiter of who had that privilege. But in the past five years smartphone sales have seen marked growth, bringing an increased demand for mobile accessibility. And consumer applications have opened the door to new opportunities for harnessing company data.
Basic Principles for
Increasing Security in a
Mobile Computing Program
Increase Business Productivity and Employee Flexibility
The pitfalls of mobile computing and basic principles for
building a program that increases employee ?exibility,
business productivity and overall peace of mind.
Introduction
Accessing a company network from a mobile device is nothing new. Employees have been
doing so for more than a decade, with the company being the arbiter of who had that
privilege. But in the past ?ve years smartphone sales have seen marked growth, bringing
an increased demand for mobile accessibility. And consumer applications have opened
the door to new opportunities for harnessing company data.
The resulting bene?ts of added ?exibility and productivity can boost a company’s bottom
line. Employees can work during the margins of their schedule: at halftime of their child’s
soccer game, in the customer queue at the corner coffee shop or while waiting for a table
at their favorite restaurant. This has led more employees to use their personal devices for
work, a trend known as BYOD, or Bring Your Own Device.
But when a personal smartphone or other device isn’t properly con?gured or managed,
it becomes a potential source for corrupting or leaking critical business information. The
after-hours work opportunity could lead to con?dential data being left in the restaurant
booth or on the bleachers at the soccer ?eld. For this reason, corporate mobility programs
also come with a cost, primarily in terms of the resources required to secure company
data and manage the mobile devices containing that data.
For corporate IT staff, it can be deceptively easy to respond to this risk by applying
mobile security measures that are excessive in nature, resulting in a productivity tax on
employees that reduces revenue and can affect the bottom line. At the other end of the
spectrum are companies that throw up their hands in resignation and either enact an
inadequate level of security measures or — even worse — none at all.
By applying a few basic principles, companies can create a network that is more secure,
provides an effective device-management solution and gives employees the tools to get
work done on their own terms.
1 Basic Principles for Increasing Security | htcpro.com
Table of Contents
The Growth Potential and Pitfalls of Mobile Computing 3
Best Practices for Embracing a Mobile Mindset 4
HTCpro: Resources and Solutions for Mobile Businesses 5
2 Basic Principles for Increasing Security | htcpro.com
The Growth Potential and Pitfalls of Mobile Computing
The technology industry has seen a steady decline in personal computer sales for the
past two years, while demand for smartphones and tablets continues to rise. Research
suggests this trend will continue for at least the next ?ve years. In many cases, employees
independently purchase a smartphone because they want more personal ?exibility.
Installing consumer applications on their phone to get work done is merely an added
bonus that they take advantage of without the aid or approval of their employer.
The impact of this trend is felt most keenly by corporate IT staff. A global study
commissioned by security provider Symantec Corp. found that 48 percent of companies
consider mobile computing as “somewhat” to “extremely” challenging.
1
As a conse-
quence, roughly one-third of the IT staff at most companies are involved somehow in
managing mobile computing.
Meanwhile, companies of all sizes have started leveraging the increased ?exibility and
potential of their newly mobile workforce to develop and deploy line-of-business
applications designed speci?cally for platforms such as iOS and Android. Symantec also
found that more than 70 percent of companies surveyed have begun, or intend to start,
developing their own applications for sales force automation, enterprise resource planning
and other lines of business, rather than relying on the consumer applications used by
the majority of smartphone owners.
1
Security Concerns
Even with all of the bene?ts of a workforce that is armed with mobile, line-of-business
applications, there is still a real potential to leave the door ajar for a Trojan horse full of
unanticipated costs and security vulnerabilities. This risk is not lost on most IT departments.
Indeed, mobile computing is frequently called out as one of the biggest expenditures of
corporate IT resources as a result of the cost of support.
The same Symantec survey found that mobile computing was the most risky program
launched by companies, with nearly a quarter characterizing the level of exposure they
have faced as “high” or “extremely high.” In terms of ?nancial impact, the average amount
that a company loses each year due to inadequate mobile security measures is $247,000.
1
But for all the potential risks, just over 70 percent of companies still consider mobile
computing as a program that is well worth the investment.
1
1
Source: Symantec White Paper, “2012 State of Mobility Survey,” Feb. 22, 2012
3 Basic Principles for Increasing Security | htcpro.com
Best Practices for Embracing a Mobile Mindset
Among the biggest obstacles IT decision-makers face when devising a security strategy
for a corporate mobility program is a misconception about mobile devices — that they
have the same potential for security risks as a laptop and must therefore be treated as
such, or that there is no possible way to secure them. This can lead to two different, and
generally misguided, approaches to mobile computing security:
• Applying the same security protocols to a mobile device as would typically be
applied to a laptop. The outcome is usually a heavy-handed security strategy that,
while minimizing the potential loss of data, also hinders the ability of employees to
get things done.
• Applying no security protocols in the belief that smartphones cannot be secured
and that the loss of some data is a reality for enabling employees to conduct business
with their mobile device.
What both of these approaches fail to grasp is twofold:
• Whether running on Android, iOS, Windows Phone or another platform, measures
can be taken to increase security on smartphones.
• Mobile devices are distinct from laptops, and therefore require a speci?cally tailored
approach to security.
To be truly effective, the guidelines for developing a mobile computing security program
cannot be easily summed up in a short list. Rather, every company’s approach to security
should be comprehensively tailored in a manner that strikes a balance between its business
needs and the sensitivity of its data. With that in mind, there are seven areas of security
that companies must be sure to address as the core of a successful, comprehensive
mobility program:
1. Data encryption. Whether a company is developing an encryption solution or
purchasing one from a third party, encryption should not impede the usability of
the device. At the same time, encryption solutions must offer a suf?cient level of
protection to help ensure that data remains protected, whether stored on the device
or streaming across a network.
2. Password enforcement. It’s important to ensure that appropriate password protection
measures are in place to assist with controlling access to data on the device. The
complexity of password requirements — such as required length, use of alpha-numeric
symbols and frequency of password change — should all re?ect the sensitivity of the
data to be protected.
4 Basic Principles for Increasing Security | htcpro.com
3. Device management. Some form of fail-safe method for locking down or wiping a
device if it is lost or stolen should be considered. Companies might also think about
using a device-management solution that enables the selective wiping of business
data in the event that an employee leaves the company with their personal smart-
phone and wants to preserve their private data.
4. Compliance and con?guration management. A thorough vetting of mobile applications
ought to be considered, to help ensure that an employee’s device does not jeopardize
the security of the data or the company network. Likewise, policies should be in
place to prevent users from visiting any websites that are a known security risk.
5. Data access. Careful consideration should be given to de?ning appropriate levels
of access. In addition to an employee’s role, other factors to consider are the nature
of the device, whether the person is trying to access data from within the of?ce or
offsite, and what they need to do with the data.
6. Trust and con?dence. The preceding aspects should accrue to provide a level of
comfort and understanding that doesn’t prevent the end user from effectively using
their device.
7. Enablement and ease of use. Rather than focusing on the negative aspects of security
measures, companies must effectively communicate how these measures will enable
employees to get more done, while making their lives easier. To this end, any actions
that must be taken on an employee’s part should be streamlined to increase the rate
of compliance across a company’s workforce.
If all these factors are considered, and related safeguards are put in place, then a company’s
mobile computing program will achieve more than increased security. It will also provide
the corporate IT team with an extensible platform for rolling out updates and new
applications. Further, it will offer the ?exibility and increased productivity that employees
and managers have come to expect, and it will help minimize risks such as loss of
customer trust or diminished performance of company stock due to the leak of con?dential
business information.
5 Basic Principles for Increasing Security | htcpro.com
HTCpro: Resources and Solutions for Mobile Businesses
Creating a mobile computing environment with increased security expands a business’
potential for getting things done. HTCpro™ has been created to help businesses make
the most of that potential by enabling HTC devices to deliver enterprises features,
which offer seamless productivity both out of the box and when paired with line-of-
business applications.
Adoption or expansion of mobile computing initiatives within businesses can bring
many issues to tackle to the forefront. With that in mind, HTCpro works with a variety of
enterprise solution developers that offer industry-leading expertise and offerings across
a broad set of solution areas. And HTCpro works to ensure the compatibility of these
solutions with HTC devices, as well as to help create a user experience that is productive
and enhanced for employees.
Collectively, HTCpro gives IT decision-makers the resources to create a mobile computing
platform with increased security upon which to deploy the business applications that
they need. When used in conjunction with fundamental principles of security, it can
provide employees and executives with the con?dence to work wherever and whenever
they have access.
For more information about HTCpro business features on HTC devices and enterprise-
enabled partner solutions, please visit HTCpro.com; and visit HTC.com see a complete
portfolio of enterprise-ready smartphones.
For media inquiries, please contact:
HTC Media Relations
[email protected]
+1 425 638 7000
6 Basic Principles for Increasing Security | htcpro.com
About the Author
Will Ro
Director, HTCpro
Will supports sales operations activity for HTC North America as well as oversees
growth of sales, technical resource management and partnership formation with the
HTCpro program. He has 15-plus years of experience across enterprise sales, system
integration, wireless, network security and business planning. He has solid experience in
IT integration and how it builds off of business processes. He has a Bachelor of Science
in biochemistry from the University of California, Los Angeles.
7 Basic Principles for Increasing Security | htcpro.com
doc_185463197.pdf
Accessing a company network from a mobile device is nothing new. Employees have been doing so for more than a decade, with the company being the arbiter of who had that privilege. But in the past five years smartphone sales have seen marked growth, bringing an increased demand for mobile accessibility. And consumer applications have opened the door to new opportunities for harnessing company data.
Basic Principles for
Increasing Security in a
Mobile Computing Program
Increase Business Productivity and Employee Flexibility
The pitfalls of mobile computing and basic principles for
building a program that increases employee ?exibility,
business productivity and overall peace of mind.
Introduction
Accessing a company network from a mobile device is nothing new. Employees have been
doing so for more than a decade, with the company being the arbiter of who had that
privilege. But in the past ?ve years smartphone sales have seen marked growth, bringing
an increased demand for mobile accessibility. And consumer applications have opened
the door to new opportunities for harnessing company data.
The resulting bene?ts of added ?exibility and productivity can boost a company’s bottom
line. Employees can work during the margins of their schedule: at halftime of their child’s
soccer game, in the customer queue at the corner coffee shop or while waiting for a table
at their favorite restaurant. This has led more employees to use their personal devices for
work, a trend known as BYOD, or Bring Your Own Device.
But when a personal smartphone or other device isn’t properly con?gured or managed,
it becomes a potential source for corrupting or leaking critical business information. The
after-hours work opportunity could lead to con?dential data being left in the restaurant
booth or on the bleachers at the soccer ?eld. For this reason, corporate mobility programs
also come with a cost, primarily in terms of the resources required to secure company
data and manage the mobile devices containing that data.
For corporate IT staff, it can be deceptively easy to respond to this risk by applying
mobile security measures that are excessive in nature, resulting in a productivity tax on
employees that reduces revenue and can affect the bottom line. At the other end of the
spectrum are companies that throw up their hands in resignation and either enact an
inadequate level of security measures or — even worse — none at all.
By applying a few basic principles, companies can create a network that is more secure,
provides an effective device-management solution and gives employees the tools to get
work done on their own terms.
1 Basic Principles for Increasing Security | htcpro.com
Table of Contents
The Growth Potential and Pitfalls of Mobile Computing 3
Best Practices for Embracing a Mobile Mindset 4
HTCpro: Resources and Solutions for Mobile Businesses 5
2 Basic Principles for Increasing Security | htcpro.com
The Growth Potential and Pitfalls of Mobile Computing
The technology industry has seen a steady decline in personal computer sales for the
past two years, while demand for smartphones and tablets continues to rise. Research
suggests this trend will continue for at least the next ?ve years. In many cases, employees
independently purchase a smartphone because they want more personal ?exibility.
Installing consumer applications on their phone to get work done is merely an added
bonus that they take advantage of without the aid or approval of their employer.
The impact of this trend is felt most keenly by corporate IT staff. A global study
commissioned by security provider Symantec Corp. found that 48 percent of companies
consider mobile computing as “somewhat” to “extremely” challenging.
1
As a conse-
quence, roughly one-third of the IT staff at most companies are involved somehow in
managing mobile computing.
Meanwhile, companies of all sizes have started leveraging the increased ?exibility and
potential of their newly mobile workforce to develop and deploy line-of-business
applications designed speci?cally for platforms such as iOS and Android. Symantec also
found that more than 70 percent of companies surveyed have begun, or intend to start,
developing their own applications for sales force automation, enterprise resource planning
and other lines of business, rather than relying on the consumer applications used by
the majority of smartphone owners.
1
Security Concerns
Even with all of the bene?ts of a workforce that is armed with mobile, line-of-business
applications, there is still a real potential to leave the door ajar for a Trojan horse full of
unanticipated costs and security vulnerabilities. This risk is not lost on most IT departments.
Indeed, mobile computing is frequently called out as one of the biggest expenditures of
corporate IT resources as a result of the cost of support.
The same Symantec survey found that mobile computing was the most risky program
launched by companies, with nearly a quarter characterizing the level of exposure they
have faced as “high” or “extremely high.” In terms of ?nancial impact, the average amount
that a company loses each year due to inadequate mobile security measures is $247,000.
1
But for all the potential risks, just over 70 percent of companies still consider mobile
computing as a program that is well worth the investment.
1
1
Source: Symantec White Paper, “2012 State of Mobility Survey,” Feb. 22, 2012
3 Basic Principles for Increasing Security | htcpro.com
Best Practices for Embracing a Mobile Mindset
Among the biggest obstacles IT decision-makers face when devising a security strategy
for a corporate mobility program is a misconception about mobile devices — that they
have the same potential for security risks as a laptop and must therefore be treated as
such, or that there is no possible way to secure them. This can lead to two different, and
generally misguided, approaches to mobile computing security:
• Applying the same security protocols to a mobile device as would typically be
applied to a laptop. The outcome is usually a heavy-handed security strategy that,
while minimizing the potential loss of data, also hinders the ability of employees to
get things done.
• Applying no security protocols in the belief that smartphones cannot be secured
and that the loss of some data is a reality for enabling employees to conduct business
with their mobile device.
What both of these approaches fail to grasp is twofold:
• Whether running on Android, iOS, Windows Phone or another platform, measures
can be taken to increase security on smartphones.
• Mobile devices are distinct from laptops, and therefore require a speci?cally tailored
approach to security.
To be truly effective, the guidelines for developing a mobile computing security program
cannot be easily summed up in a short list. Rather, every company’s approach to security
should be comprehensively tailored in a manner that strikes a balance between its business
needs and the sensitivity of its data. With that in mind, there are seven areas of security
that companies must be sure to address as the core of a successful, comprehensive
mobility program:
1. Data encryption. Whether a company is developing an encryption solution or
purchasing one from a third party, encryption should not impede the usability of
the device. At the same time, encryption solutions must offer a suf?cient level of
protection to help ensure that data remains protected, whether stored on the device
or streaming across a network.
2. Password enforcement. It’s important to ensure that appropriate password protection
measures are in place to assist with controlling access to data on the device. The
complexity of password requirements — such as required length, use of alpha-numeric
symbols and frequency of password change — should all re?ect the sensitivity of the
data to be protected.
4 Basic Principles for Increasing Security | htcpro.com
3. Device management. Some form of fail-safe method for locking down or wiping a
device if it is lost or stolen should be considered. Companies might also think about
using a device-management solution that enables the selective wiping of business
data in the event that an employee leaves the company with their personal smart-
phone and wants to preserve their private data.
4. Compliance and con?guration management. A thorough vetting of mobile applications
ought to be considered, to help ensure that an employee’s device does not jeopardize
the security of the data or the company network. Likewise, policies should be in
place to prevent users from visiting any websites that are a known security risk.
5. Data access. Careful consideration should be given to de?ning appropriate levels
of access. In addition to an employee’s role, other factors to consider are the nature
of the device, whether the person is trying to access data from within the of?ce or
offsite, and what they need to do with the data.
6. Trust and con?dence. The preceding aspects should accrue to provide a level of
comfort and understanding that doesn’t prevent the end user from effectively using
their device.
7. Enablement and ease of use. Rather than focusing on the negative aspects of security
measures, companies must effectively communicate how these measures will enable
employees to get more done, while making their lives easier. To this end, any actions
that must be taken on an employee’s part should be streamlined to increase the rate
of compliance across a company’s workforce.
If all these factors are considered, and related safeguards are put in place, then a company’s
mobile computing program will achieve more than increased security. It will also provide
the corporate IT team with an extensible platform for rolling out updates and new
applications. Further, it will offer the ?exibility and increased productivity that employees
and managers have come to expect, and it will help minimize risks such as loss of
customer trust or diminished performance of company stock due to the leak of con?dential
business information.
5 Basic Principles for Increasing Security | htcpro.com
HTCpro: Resources and Solutions for Mobile Businesses
Creating a mobile computing environment with increased security expands a business’
potential for getting things done. HTCpro™ has been created to help businesses make
the most of that potential by enabling HTC devices to deliver enterprises features,
which offer seamless productivity both out of the box and when paired with line-of-
business applications.
Adoption or expansion of mobile computing initiatives within businesses can bring
many issues to tackle to the forefront. With that in mind, HTCpro works with a variety of
enterprise solution developers that offer industry-leading expertise and offerings across
a broad set of solution areas. And HTCpro works to ensure the compatibility of these
solutions with HTC devices, as well as to help create a user experience that is productive
and enhanced for employees.
Collectively, HTCpro gives IT decision-makers the resources to create a mobile computing
platform with increased security upon which to deploy the business applications that
they need. When used in conjunction with fundamental principles of security, it can
provide employees and executives with the con?dence to work wherever and whenever
they have access.
For more information about HTCpro business features on HTC devices and enterprise-
enabled partner solutions, please visit HTCpro.com; and visit HTC.com see a complete
portfolio of enterprise-ready smartphones.
For media inquiries, please contact:
HTC Media Relations
[email protected]
+1 425 638 7000
6 Basic Principles for Increasing Security | htcpro.com
About the Author
Will Ro
Director, HTCpro
Will supports sales operations activity for HTC North America as well as oversees
growth of sales, technical resource management and partnership formation with the
HTCpro program. He has 15-plus years of experience across enterprise sales, system
integration, wireless, network security and business planning. He has solid experience in
IT integration and how it builds off of business processes. He has a Bachelor of Science
in biochemistry from the University of California, Los Angeles.
7 Basic Principles for Increasing Security | htcpro.com
doc_185463197.pdf