Feeds

Mobile security: the right way and the wrong way

Should users be pushed or pampered?

  • alert
  • submit to reddit

Security for virtualized datacentres

Mobile workshop The team here at Freeform Dynamics has reviewed a lot of projects and gathered a lot of feedback from organisations implementing mobile technology over the years. One of the things we hit on in a report we put together earlier this year was how importance it is to engage and train users to minimise mobility related security risks in the right way.

The "human factor" is, in fact, important to get your head around in across the mobile space, and there's a general consensus among those with more experience of mobile working projects that you ignore this at your cost. The message we hear time and time again is that you need user input when specifying solutions to ensure that devices and applications are fit for purpose and will actually be used as intended to deliver the result you are looking for. You also need users to cooperate in terms of behaviour and practices to keep both risks and cost under control.

One Reg reader, Brett, summed up a lot of what we would regard as best practice in relation to user involvement in a recent mobile workshop post. Here is an extract from what he said:

"I treat our user community as adults. That means that I (as CIO) discuss their needs with them, listen carefully to what they want and what their issues are, then provide a list of solutions that covers their needs. Things like security, confidentiality, improper use of corporate assets - these are open and thoroughly explored, with feedback from the users individually as well as a community incorporated into our mobile technology planning. And it has paid off handsomely for us: our users understand the fundamental issues we're addressing from the company standpoint and have been remarkably resistant to misuse of corporate resources - mainly because we insure that the company takes care of their personal needs as well. We have a consistent set of policies that cover ALL aspects of personal communications, most of which reflects the user's requirements as well as the common corporate goals."

You can read the rest of Brett's post here, along with some other very good feedback from readers.

But does all this just amount to "pampering" users unnecessarily?

Well, some might think so and advocate a more dictatorial approach by the IT department in which users "get what they are given". Others might like the idea of a collaborative approach, but just think it is impractical in their environment, which is fair enough - Brett, after all, works in a relatively small company, and at the other extreme, getting sensible input from a user base of hundreds or thousands can be a challenge.

Whatever you view of what's desirable or possible, though, we appreciate hearing it, so if you have a minute, why not let us know what you think in our latest poll below:

READER POLL

How many employees do you have in your organisation that connect to your systems or applications from a handheld wireless device for business purposes?

None
1-10
10-50
50-250
250-1,000
More than 1,000

How do these users break out between "professional" and "blue collar" workers (forgive the gross categorisation here, just trying to get a flavour of your installation)?

Exclusively professional
Mostly professional
Even mix
Mostly blue collar
Exclusively blue collar

To what degree have you standardised on devices for professional workers in particular?

We are highly standardised and only support a single model of device
We have a range of standard models that we issue according to user role and need
We have a range of standard models that users can select according to preference
Users can select any device they want, provided they meet certain criteria
Users can select any device they want, with no restrictions
Not applicable

If you have any level of standardisation, to what degree are professional users involved in the standardisation process?

Users drive the process and IT has to fall into line
Users drive the process, but take IT opinion on board
Users and IT collaborate and drive the process together
IT drives the process, but takes user opinion on board
IT drives the process and users have to fall into line

How effective do you think your current policy is at meeting business requirements on a scale of 1 to 5?

1 - Totally Ineffective
2
3
4
5 - Totally Effective

What about meeting the requirements of the IT department in terms of maintenance, management, support and so on?

1 - Totally Ineffective
2
3
4
5 - Totally Effective

As you look forward, do you think your policy needs to change to provide:

More freedom of choice to professional users
Less freedom of choice to professional users
Neither – we have it about right
Not relevant

And with regard to the selection of standard devices, how should your policy change here (if relevant)?

More involvement from professional users
Less involvement from professional users
Neither – we have it about right
Not relevant

Any other thoughts, comments or recommendations?

Thank you, we'll report back at the end of the week.

Internet Security Threat Report 2014

More from The Register

next story
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
Sea-Me-We 5 construction starts
New sub cable to go live 2016
EE coughs to BROKEN data usage metrics BLUNDER that short-changes customers
Carrier apologises for 'inflated' measurements cockup
Comcast: Help, help, FCC. Netflix and pals are EXTORTIONISTS
The others guys are being mean so therefore ... monopoly all good, yeah?
Surprise: if you work from home you need the Internet
Buffer-rage sends Aussies out to experience road rage
EE buys 58 Phones 4u stores for £2.5m after picking over carcass
Operator says it will safeguard 359 jobs, plans lick of paint
MOST iPhone strokers SPURN iOS 8: iOS 7 'un-updatening' in 5...4...
Guess they don't like our battery-draining update?
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.