Smartphone vendors have made a 180-degree turn on security. During the early days, security took a back seat to super-fast product cycles, making it easy for developers to focus on unique, ground-breaking features without the worry or responsibility of halting vulnerabilities. Now, however, with a couple of highly-publicized failures behind them, the Android community has re-prioritized security with aggressive product features (such as Android Enterprise and SE for Android) to create an enterprise-ready smartphone platform.
IT managers who see mobility as a key technology should take advantage of the work of the smartphone ecosystem of hardware and software vendors. If you know what is going on in the Android smartphone ecosystem, you can build your own mobility strategy to ensure that smartphones and tablets do not pose a threat to enterprise cybersecurity.
Here are some tips to help enterprise IT managers synchronize with the work of the smartphone ecosystem to improve mobile security and maintain a strong mobile defense strategy.
Pay Attention to Hardware
It’s not just screen sizes and CPU speeds that differentiate smartphones and tablets. Android, in particular, can make use of a trusted execution environment (TEE) to increase overall smartphone security. But not every smartphone has a TEE, and not every TEE offers the same set of security features. There are differences even within a single vendor’s product line. For example, the Samsung line of smartphones, tablets, and wearables have Knox built in, encapsulating mobility’s highest level of hardware security as part of its platform. Currently, you’re not going to find that kind of chip-up security protocol baked in to any other product line’s mobile ecosystem.
Paying attention to hardware and selecting hardware that includes security features such as secure storage of encryption keys and boot-time operating system verification will result in a more enterprise-class platform that is not so easily compromised by malware, hackers, thieves and even mischievous staff members. IT managers who synchronize their hardware choices with the best secure hardware offered by smartphone vendors will be starting from a position of security strength.
Synchronize Your Security Updates
There are a lot of moving parts that make up the smartphone ecosystem, and coordinating them all is not easy. When it comes to security updates, getting everyone to synchronize is especially hard, but it’s critical to ensure that public vulnerabilities don’t go unpatched on end users’ smartphones and tablets.
Take advantage of the work that smartphone vendors have put into coordinating the Android community, cell phone carriers, and their own quality assurance (QA) and development teams by quickly applying security updates as they become available. This will ensure that you are not only running the most secure operating system and firmware available, but you have the narrowest window of vulnerability possible.
For fastest response to security patches, consider working directly with the smartphone vendor, using unlocked devices instead of a carrier.
Another reason to pick a premium security-focused device for your mobility deployment: smartphone vendors put more resources into these devices, and offer a longer commitment to maintain them. In Samsung’s enterprise-class devices, for example, there’s a commitment to deliver security patches on a monthly basis for three years. On their low-end smartphones, that turns into a two-year commitment and quarterly patches. Users may be happy with a new smartphone every two years, but having the ability to extend that to three years gives IT managers more options and reduces the overall costs of deployment.
A mobile defense strategy that links the software update and patching strategy to your smartphone vendors’—and that selects devices for their long-term support model—will pay off with fewer unpatched devices and reduced overall risk.
Manage for Security
Mobile devices aren’t inherently insecure — but it’s easy to accidentally ruin their security with the wrong settings. Disabling software updates or removing device PINs are some of these common changes that end users make, which negatively affect device security. IT managers should use mobile device management (MDM) or enterprise mobility management (EMM) tools to control device settings and ensure that basic security isn’t being compromised. These can be cloud-based, on-premises, or even part of a SaaS offering such as Microsoft Office 365.
At the same time, MDM/EMM tools can be used to leverage the security features that an enterprise might want. For example, the generic Android dual-profile for home/work should be enforced and managed through MDM/EMM tools. If you’ve selected devices with security options that go beyond the standard Android build, pick an MDM/EMM solution that exposes those features for management and make sure that they’re set to match your own enterprise requirements.
For many IT managers, the process of security for mobile devices is opaque, especially compared to their long-standing experiences with desktop, server and application vendors. As with servers and applications, though, IT managers can make device, software and configuration choices that improve security by following the lead of the ecosystem attached to their smartphone and tablet platform vendors.
Take our free mobile security assessment to find out how well your company is covered — and how you can stay ahead of the curve.