Mobile devices, including smartphones and tablets, have become standard issue for field service personnel. What started as a way to replace weighty manuals has turned into a mission-critical function with equal parts communication, documentation and workflow application all rolled into a single device. But these ultra-mobile devices can also be ultra-vulnerable if not managed properly. For businesses, security cannot take a back seat.
IT managers should keep in mind these guidelines to ensure their enterprise mobile devices, and the field service staff who depend on them, are up and running at all times:
1. Appropriately Protect the Device
The biggest risk to devices in the rough-and-tumble environment of field service is damage: broken screens, dented corners and strangely stressed cables are all par for the course. The first instinct for most IT managers is to encase the device to help protect it, which is an excellent first step.
But think twice when picking both devices and cases. Some cases will cover up the fingerprint reader, causing a fall-back to old-tech passwords. To keep using high-security biometrics for both unlocking the device and authenticating to applications, select devices that use iris recognition instead, such as Samsung’s newer smartphones, and make sure that the case doesn’t cover the additional camera and infrared LED needed to make the iris scans work.
Connectors, cables and power supplies are often the least-reliable part of any computer system, and that counts double for smartphones and tablets. IT managers may not be able to afford to send a spare device out in the field with every worker, but a spares kit of extra heavy-duty cables and a second set of AC — or DC if appropriate — chargers should be standard issue with every device that leaves the office.
IT managers should make sure that swapping devices is both fast and easy. A technician sitting waiting for their handheld to be replaced is wasted money. IT managers who are already using mobile device management (MDM) or enterprise mobility management (EMM) tools for other purposes should definitely be putting field service devices under centralized management to speed deployment of policy and configuration, and enable remote device monitoring.
If MDM or EMM tools are not the right fit, IT managers can find lightweight alternatives, both in end-point security products and vendors’ own toolkits. For example, Samsung offers the Knox Configure solution, a cloud-based tool that speeds the configuration of Galaxy devices to get them running quickly, and securely, with a common corporate policy.
2. Protect Corporate Data
Field service devices may seem low on the vulnerability list, but they can act as portals to lots of private corporate information. In addition, their ability to connect directly to infrastructure for testing and deployment of customer equipment gives them outsized access to sensitive systems. IT managers should make common-sense decisions about device security to ensure that a lost device doesn’t endanger data or systems.
For example, features such as limiting application store choice, defining application whitelists, requiring regular software updates for both operating systems and installed applications, and setting up remote device wipe capabilities should all be part of the profile for each device. The ability to remotely wipe a device is especially important within field service, where there is an increased risk of devices falling out of pockets and hands or getting misplaced.
IT managers should also be realistic about user behaviors and realize that personal use will inevitably mix with corporate applications if they allow it. The right path forward will depend on circumstances, but IT managers may consider locking down device functionality to turn them into dedicated application terminals. That said, this may force field service staff to carry a second device for personal use, which brings other types of challenges.
An alternative is to use devices that have built-in hardware support for containerization features. With containers on Android phones, such as Samsung’s Knox Workspace, IT managers have the ability to segment devices into corporate and personal profiles, with strict controls on what is allowed to cross the boundary between the two. Corporate containers can and should have extra encryption and authentication enabled and should be locked down to particular network destinations, such as trusted corporate and application-specific servers, to prevent leakage of sensitive data.
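The controls listed in this section can be checked automatically against an exported device inventory. The following is an added example, not part of the original article; the profile field names, app IDs, hostnames and the 60-day patch window are assumptions for illustration and do not reflect the schema of any particular MDM or EMM product.

```python
from datetime import date

# Assumed baseline: app IDs, hostnames and the patch window are placeholders.
ALLOWED_APPS = {"com.example.fsm", "com.example.docs"}
TRUSTED_DESTINATIONS = {"fsm.corp.example", "docs.corp.example"}
MAX_PATCH_AGE_DAYS = 60

def audit_device(profile, today):
    """Return findings for one device profile; an empty list means compliant."""
    findings = []
    if not profile.get("app_store_restricted"):
        findings.append("app store choice is not restricted")
    extra = set(profile.get("installed_apps", [])) - ALLOWED_APPS
    if extra:
        findings.append("apps outside allowlist: " + ", ".join(sorted(extra)))
    age = (today - profile["os_patch_date"]).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"OS patch level is {age} days old")
    if not profile.get("remote_wipe_enabled"):
        findings.append("remote wipe is not enabled")
    # Container checks apply only to devices that use a corporate container.
    container = profile.get("container")
    if container is not None:
        if not container.get("encrypted"):
            findings.append("container encryption is off")
        if not container.get("auth_required"):
            findings.append("container has no separate authentication")
        dests = set(container.get("allowed_destinations", []))
        if not dests or "*" in dests:
            findings.append("container egress is unrestricted")
        elif dests - TRUSTED_DESTINATIONS:
            findings.append(f"untrusted container destinations: {sorted(dests - TRUSTED_DESTINATIONS)}")
    return findings

# Constructed sample inventory (not real devices).
TODAY = date(2024, 6, 1)
INVENTORY = {
    "tablet-01": {"app_store_restricted": True, "remote_wipe_enabled": True,
                  "os_patch_date": date(2024, 5, 10), "installed_apps": ["com.example.fsm"],
                  "container": {"encrypted": True, "auth_required": True,
                                "allowed_destinations": ["fsm.corp.example"]}},
    "phone-07": {"app_store_restricted": False, "remote_wipe_enabled": False,
                 "os_patch_date": date(2024, 1, 15),
                 "installed_apps": ["com.example.docs", "com.example.game"],
                 "container": {"encrypted": True, "auth_required": False,
                               "allowed_destinations": ["*"]}},
}
if __name__ == "__main__":
    for name, profile in INVENTORY.items():
        print(name, audit_device(profile, TODAY) or "OK")
```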
3. Protect the Network
Field devices will spend most of their time on carrier networks. But Wi-Fi access through unsecured Wi-Fi networks or through subscription-based hotspot services is also inevitable. In any case, IT managers should consider all networks, carrier and Wi-Fi, as untrusted.
To protect against current and future attacks, IT managers should ensure that all corporate data and applications run over encrypted connections. A VPN tunnel is one very secure option that might be right for some environments but might be too heavyweight for most everyday applications.
Most IT managers can leverage their existing application delivery infrastructure to ensure that every connection, whether for documentation, data entry, or infrastructure management, travels over a properly configured TLS/SSL connection. On the mobile device side, configuring a proxy to ensure that all traffic to corporate domain names travels over a secure connection is a simple, but strong, protection against man-in-the-middle attacks.
Field service users depend on their devices. IT managers need to secure those devices, but keep in mind the real-world usage environment to size security appropriately.