Feeds

If users are a security threat, how do you manage them?

Your problems answered by the experts

  • alert
  • submit to reddit

Intelligent flash storage arrays

Ed Moore, OpenWeb product manager, Openwave Europe

Educating and managing are very different things; one implies awareness while the other restrictions. If you do one then you may not require the other, but I can see a combination of the two working best.

Let’s start at the big picture for education and work inwards to specific points. I’d start with managing expectations and this should start well before an employee joins the company ideally. If you want to stay in control then be very clear about what is to be expected. If company policy states one mobile network and one make of handset which can only be changed after 24 months then say so.

Also say why, especially if it’s an argument that’s not factually based; ‘data security’ is good, ‘budget controls’ is also pretty good but I consider ‘compatibility’ to be less so as it opens up arguments which can be hard to win.

If your policy is to allow everything but a user is on their own in terms of support, that can also be a fine policy – if you have the power to stand up for it. Many a time I’ve seen a rogue user sheepishly approach a help desk for support even though they purchased a totally unsupportable piece of experimental kit. If you can’t say no at this point then you’re in trouble.

After awareness you should go for generic education and this should be a mixture of technical and behavioural; don’t leave your handset on view, use a headset in the car, backup your contacts, unplug your adaptor when not in use.

Make people aware of dangers; don’t leave Bluetooth enabled as your handset files can be read by someone else, put on passwords and lock the screen when idle, clear out sent messages from the Outbox. Such rules should be made in to a user guide and ideally training course, you then have everyone sign that they’ve understood it. At least it’ll get some attention that way.

What to do about specific device handset support and education? My recommendation would be to make a simple website and get users to visit it from their phone browser. It’ll force everyone to get that far and also gives you the User Agent. You can use this to show help tips for the particular device and makes it far more relevant.

Management is hard to decide on the correct level to apply. If you’ve been very restrictive in handset and network choice you can feasibly add in management controls, but otherwise it’s very hard. Device management packages and auditing controls do exist but you’re really specifying smartphones to do this, which makes the potential security issues that much greater. So are you better off?

The one I would recommend if you can get it through HR is to enable the potential for automatic handset tracking. In this way there’s a real opportunity to get a handset back if it’s stolen, but also serves to strengthen the perception of control. Simply knowing that a handset can be interrogated could serve as an efficient brake on user behaviour on a range of issues. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.