Mobility sounds great: trade in your laptop for a smartphone and new applications, carry less and move more freely and you’ve got one device to do everything you need. Sounds great for the mobile worker — but what about that InfoSec manager in the back jumping up and down and waving their hand around furiously?
Turns out you can’t just dump applications on a smartphone and get the same level of security you had with a carefully crafted Windows laptop configuration — there’s some work to be done to match or exceed what you had on the old laptops. Here are the first three things you need to know.
You Need a New — Simpler — Security Management Toolset
With Windows laptops, you’ve got an End-Point Security (EPS) suite, Windows domain tools such as GPOs, and some other security and management tools, such as Microsoft’s System Center Configuration Manager or similar products from Symantec or Micro Focus ZENworks. Those types of solutions won’t do much when it comes to managing smartphone security, because they’re all pretty heavyweight and complicated.
The good news is that your smartphone management tool (yes, you need only one, rather than three or more) will be easier to deploy and an order of magnitude less arcane than its PC equivalents. Called Mobile Device Management or Enterprise Mobility Management (MDM/EMM) tools, these handle all aspects of device management — including security. You’ll have to pick one from an abundance of good choices, including both on-premises and cloud-based solutions.
Even better news: with a simpler base operating system, no legacy to carry around, and no Windows Domain to further complicate things, smartphone security management using MDM/EMM tools is convenient, and may make you wonder why there aren’t more settings to fiddle with. The answer is easy: with a smartphone, it’s all about the applications. That’s where your security settings go — and that’s where they belong. The closer you can move security to the application, the tighter the binding between security controls and sensitive data, and the lower the overall risk of human and design error.
Your Devices Have More Capabilities Than Before
Most laptops get treated as nothing more than a platform for the operating system. With smartphones, there’s a world of difference, as the hardware of the smartphone is an active partner in enforcing security. Each platform and device brings a different set of capabilities, but almost all are stronger than what you get with a basic laptop.
For example, Samsung’s smartphones have Samsung Knox behind them, which adds layers of security that are leveraged to bring stronger enforcement and detection capabilities. The Knox platform includes baked-in support for per-device digital certificates that provide a cryptographically secure identity to a device, a secure and trusted boot process that ensures only an uncorrupted operating system will boot, continuous monitoring of the kernel to block malware, and a Trusted Execution Environment that can securely store encryption keys so they can’t be stolen. All that’s in the hardware, underneath the operating system — and is used by the Android operating system as well.
No matter what vendor you select in the Android ecosystem, you’ll find that enterprise-class smartphones also offer more visible security features such as fingerprint and retina readers that you can leverage all the way up to the application layer. Using the smartphone’s fingerprint reader for application identification is not a challenge, because the link is made through well-documented APIs and industry standards groups such as the FIDO Alliance. Yes, there are a few expensive laptops that do that, but virtually all smartphones do it now.
These are just examples of the stronger base security you get when going mobile. Taking advantage of these new capabilities is part of the switch.
Your Operating System Is Designed to Handle Mobile Work Securely
Windows is great. Except that there’s too much of it: embedded, storage, desktop, server, virtualized, phone and tablet versions, each carrying the security overhead of every version that came before. Android is a relative baby compared to Windows, but has two huge advantages: first, Google can learn all of Windows’ security lessons without having to make the same mistakes, and second, there’s just one reason for Android to exist: it’s a smartphone operating system.
Every InfoSec manager knows that complexity is the enemy of good security, and Android is not only simple, but also has enterprise security features baked into the operating system itself, such as work profiles, which help to partition your smartphone into personal and work sides, with strong controls preventing data sharing between the two sides.
Enterprise-focused smartphone vendors also offer operating system security extensions. For example, Knox Platform for Enterprise adds features such as Data Loss Prevention controls, more advanced VPN capabilities and some specialized key management and encryption features.
For InfoSec managers, the key takeaway is to realize that the Android operating system itself has easy-to-use features specifically designed for enterprise security — if you’ll take the time to turn them on as you switch to a mobile workforce.
Changing laptops to smartphones will make end users happier. Treating the smartphone platform as a fundamentally different offering than laptops will also make InfoSec managers happier — and reduce security risk.