Saturday, September 03, 2005

Secure Mobile Phones

Former Yankee Group analyst Mark Lowenstein, now at his own shop Mobile Ecosystem, writes an article for Techworld.com on what enterprises need to do to implement a more comprehensive company mobile security strategy. With the challenge enterprises face managing the influx of new mobile devices and handsets as duly noted earlier by Dan Taylor in his Mobile Enterprise Weblog, Lowenstein recommends companies take the following steps:

  • Start thinking about mobile device management. Focus on protecting any device that is considered a company asset or contains potentially sensitive data or content.
  • Develop mobile policies. Think about how you should manage employees' personal use of their mobile devices. Are you prepared to pay for picture sharing or game downloads? What about access to inappropriate content?
  • Start thinking about anti-spam and anti-virus capabilities. Operators have done a pretty good job of blocking most Short Message Service spam, but the onus will increasingly spread to the company with the broadening of message quantity and type. Also, device-based virus protection will become a necessity for any operating system-based phone in the next 12 to 18 months.
  • Develop a key point of contact at the carrier. Find out whom to contact, at least as an initial triage point, should a mobile security breach or loss of data occur.
As mobile devices become ubiqutious in the enterprise, especially for non-voice applications, Lowenstein rightfully advocates that companies need to incorporate them into the "broader corporate IT security framework."